Watch

The signals

In a nutshell

Every other layer describes what exists; this one proves it’s running. Watch is how the enclave knows it’s alive — and learns the moment it isn’t. It collects the logs and metrics each service emits, renders them where a person can read them, watches for security events that shouldn’t be there, raises an alarm when something crosses a line, and keeps one watcher deliberately outside the enclave so the failure of the whole can still be seen.

This layer is the topology, not the toolbox: what watches what, where the forwarders sit across the zones, and how a signal reaches a person — the observability posture. The products that do the actual watching live in Software, each on its own page: Loki for logs, Grafana for metrics and dashboards, Wazuh for security detection, and Matomo for usage analytics. Where Guard tries to prevent trouble, Watch is built to detect it.

Has anything touched?

If reading this made you want to argue with it, extend it, or notice what's missing, that's the signal to show up.

:/back-to-top