Watch
The signals
In a nutshell
Every other layer describes what exists; this one proves it’s running. Watch is how the enclave knows it’s alive — and learns the moment it isn’t. It collects the logs and metrics each service emits, renders them where a person can read them, watches for security events that shouldn’t be there, raises an alarm when something crosses a line, and keeps one watcher deliberately outside the enclave so the failure of the whole can still be seen.
This layer is the topology, not the toolbox: what watches what, where the forwarders sit across the zones, and how a signal reaches a person — the observability posture. The products that do the actual watching live in Software, each on its own page: Loki for logs, Grafana for metrics and dashboards, Wazuh for security detection, and Matomo for usage analytics. Where Guard tries to prevent trouble, Watch is built to detect it.