Automated Endpoint Defense is a security‑driven project where I configured every system in my homelab — servers, Raspberry Pis, and Linux machines — for centralized logging, continuous monitoring, and automated alerting. Using Wazuh for XDR capabilities, I built an environment where every endpoint reports its activity in real time, allowing me to detect unusual behavior the moment it happens. Alongside monitoring, I hardened each machine to align with CIS benchmarks, with special attention to my 24×7 public‑facing server that hosts personal services and projects. The result is a resilient, self‑aware setup that maintains its own security posture and alerts me instantly when something goes wrong.
This setup gives me complete visibility across my entire homelab, no matter where I am. Logs from all devices flow into a single place, making it easy to understand what’s happening across the network at any moment. High‑severity events trigger automated alerts, reducing the time between detection and response. Hardening the systems according to CIS guidelines significantly reduces the attack surface, especially for the server that stays online around the clock. The entire environment becomes more reliable, more secure, and far easier to manage — even when I’m away from home.
One of the most useful aspects of this system became clear when I was away from home for a full month. During that time, I received an alert that the cameras in my house had suddenly gone offline. Since the system monitors all critical devices, it immediately notified me of the change. Later, I found out that some relatives had visited the house and turned off the cameras without realizing it. Without the monitoring setup, I would have had no idea anything had changed.
Another real‑world case involved my 24×7 servers, which run under the TV cabinet at home. Because of their placement, they occasionally get powered off by mistake when someone switches off the cabinet. Each time this happened, I received an instant alert that the server had gone offline. This allowed me to quickly inform my family and get the system back online without guessing what went wrong. These small but meaningful incidents showed how valuable continuous monitoring can be in everyday scenarios.
Before building this system, I used to run my personal website on an old laptop that stayed online all day. At the time, I knew in theory that bots constantly scan the internet for open services, but I had never witnessed it firsthand. My SSH was running on the default port, there was no firewall, and I hadn’t implemented any real security measures.
Once I set up Wazuh and connected the server, I immediately started receiving alerts about repeated failed login attempts from unknown IP addresses. Seeing those attacks in real time made the threat feel real. It was clear that automated bots were actively trying to break into my system. That experience pushed me to secure the server properly — changing ports, enabling firewalls, hardening configurations, and locking down access.
The monitoring system didn’t just detect the attacks; it changed the way I approached security altogether.
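Alerts like the failed-login alerts described above typically come from a frequency rule: count authentication failures per source address inside a time window and fire when a threshold is crossed. As an added illustration (not the author's Wazuh configuration or a Wazuh rule), this Python script applies that logic to a few constructed auth.log lines, so that a noisy source trips the alert while a user's single typo and a slow scanner spaced 15 minutes apart stay below it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines in /var/log/auth.log style (not real logs); source
# addresses are RFC 5737 documentation ranges, picked for the example only.
SAMPLE_LOG = """\
Mar 10 02:14:01 web sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 10 02:14:03 web sshd[1203]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 10 02:14:04 web sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 50131 ssh2
Mar 10 02:14:06 web sshd[1207]: Failed password for invalid user pi from 203.0.113.7 port 50140 ssh2
Mar 10 02:20:11 web sshd[1300]: Failed password for alice from 198.51.100.4 port 41002 ssh2
Mar 10 02:20:40 web sshd[1302]: Accepted publickey for alice from 198.51.100.4 port 41003 ssh2
Mar 10 02:30:00 web sshd[1400]: Failed password for root from 198.51.100.9 port 33001 ssh2
Mar 10 02:45:00 web sshd[1402]: Failed password for root from 198.51.100.9 port 33002 ssh2
Mar 10 03:00:00 web sshd[1404]: Failed password for root from 198.51.100.9 port 33003 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; assume one so they can be compared."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def detect_bruteforce(lines, threshold: int = 3, window_s: int = 120) -> dict:
    """Alert once per source IP the first time it reaches `threshold` failed
    passwords inside a sliding window of `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    alerts = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines do not count
        ip, t = m["ip"], parse_ts(m["ts"])
        q = recent[ip]
        q.append(t)
        while t - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {"attempts": len(q), "first": q[0], "last": t}
    return alerts

if __name__ == "__main__":
    for ip, a in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT: {a['attempts']} failed SSH logins from {ip} "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Widening `window_s` to an hour makes the slow scanner at 198.51.100.9 alert as well, which is the trade-off a frequency rule's timeframe controls.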