This project involved designing and deploying a comprehensive network monitoring and security operations lab environment running on Proxmox virtualization. The goal was to create a realistic, fully integrated monitoring stack that mirrors what enterprise environments use for infrastructure visibility and threat detection.
The lab runs on Proxmox VE as the hypervisor, hosting multiple virtual machines — each dedicated to a specific monitoring tool. The architecture was designed to simulate a small enterprise network with various monitored endpoints, network devices, and security sensors.
Zabbix serves as the primary infrastructure monitoring solution, tracking system metrics like CPU, memory, disk usage, and network interface statistics across all VMs and simulated network devices. Custom templates and triggers were configured to generate alerts for anomalous conditions.
Graylog acts as the centralized log management platform, collecting and indexing syslog data, application logs, and security events from all systems in the lab. Log parsing pipelines and dashboards were built to provide quick visibility into system health and security events.
Wazuh provides host-based intrusion detection (HIDS), file integrity monitoring, and security compliance checking. It monitors system calls, file changes, and authentication events, correlating them with threat intelligence feeds to identify potential security incidents.
LibreNMS handles network device monitoring via SNMP, providing detailed visibility into network interface utilization, errors, and device health. It complements Zabbix by focusing specifically on network layer metrics.
Flowmon was integrated for network flow analysis (NetFlow/sFlow), enabling traffic pattern analysis and anomaly detection at the network level. This provides visibility into communication patterns that traditional monitoring tools might miss.
All tools are integrated to work together — alerts from one system can trigger investigations in another, creating a cohesive monitoring and incident response workflow.
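The cross-tool pivot described above, sketched as an added example (not code from the lab itself): a host-based alert about authentication failures is used to pull the matching flow records for the same source IP, showing where else that source connected around the same time. The record fields, IP addresses, and the five-minute window are constructed assumptions, not the native export format of Wazuh, Flowmon, or any other tool in the stack.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample data: simplified records, not any tool's native format.
HIDS_ALERT = {"time": "2024-05-01T10:15:30", "agent_ip": "10.0.20.15",
              "src_ip": "10.0.30.44", "rule": "multiple authentication failures"}
FLOWS = [
    {"start": "2024-05-01T10:14:50", "src": "10.0.30.44", "dst": "10.0.20.15", "dport": 22},
    {"start": "2024-05-01T10:16:10", "src": "10.0.30.44", "dst": "10.0.20.21", "dport": 22},
    {"start": "2024-05-01T10:16:40", "src": "10.0.30.44", "dst": "10.0.20.15", "dport": 445},
    {"start": "2024-05-01T10:15:00", "src": "10.0.20.7", "dst": "10.0.20.15", "dport": 443},
    {"start": "2024-05-01T11:30:00", "src": "10.0.30.44", "dst": "10.0.20.15", "dport": 22},
]

def pivot_to_flows(alert, flows, window=timedelta(minutes=5)):
    """Return flows sent by the alert's source IP within +/- window of the alert."""
    t0 = datetime.fromisoformat(alert["time"])
    src = ip_address(alert["src_ip"])  # compare parsed addresses, not raw strings
    hits = [f for f in flows
            if ip_address(f["src"]) == src
            and abs(datetime.fromisoformat(f["start"]) - t0) <= window]
    return sorted(hits, key=lambda f: f["start"])

def summarize(alert, flows, window=timedelta(minutes=5)):
    """Triage summary: what else the alert's source touched around the alert time."""
    related = pivot_to_flows(alert, flows, window)
    agent = alert["agent_ip"]
    return {
        "src_ip": alert["src_ip"],
        "related_flows": len(related),
        # Other destinations suggest the activity is not limited to one host.
        "other_hosts": sorted({f["dst"] for f in related if f["dst"] != agent}),
        # Ports reached on the alerting host itself, beyond the service in the alert.
        "ports_on_agent": sorted({f["dport"] for f in related if f["dst"] == agent}),
    }

if __name__ == "__main__":
    print(summarize(HIDS_ALERT, FLOWS))
```

In this constructed data the summary shows the same source also reaching a second host on port 22 and a second port on the alerting host, which is the kind of context a single-host alert does not carry on its own.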