Monitoring

Last updated

Three signal sources, complementary.

1. Audit log

/jabali-admin/audit. Append-only structured rows. Every privileged mutation lands here:

  • Subject (user being acted on).
  • Actor (operator / user / system that initiated).
  • Source (UI / CLI / reconciler).
  • Action (domain.create, db.root.rotate, mailbox.passwd, etc.).
  • Target (resource id).
  • Result (ok / fail + structured error code).

Use for: forensic “who did what when” investigation; compliance.

CLI:

jabali audit list --since 24h
jabali audit list --since 7d --action 'db.*'
jabali audit list --user <id>

2. Notifications

/jabali-admin/notifications. Event sources fan out to 6 channels (see notifications.md).

Use for: human-attention-needed alerts in real time.

3. Metrics

GET /metrics (Prometheus). Buckets:

  • HTTP: panel_http_requests_total{path,method,status}, panel_http_request_duration_seconds{path}.
  • Reconciler: panel_reconciler_ticks_total{result}, panel_reconciler_tick_duration_seconds, per-converger tick counts.
  • Agent: agent_calls_total{action,result}, agent_call_duration_seconds{action}.
  • Notifications: notifications_dispatched_total{channel,result}, queue depth.
  • Backups: backup_run_duration_seconds{destination,kind}, backup_bytes_total{destination}.
  • SSL: ssl_certs_expiring_soon, ssl_renewals_total{result}.

Use for: time-series dashboards (Grafana) + alertmanager rules.

Tail-the-logs alternative

For ad-hoc:

journalctl -u jabali-panel -u jabali-agent -u nginx -u stalwart-mail -f

Structured JSON in stdout from panel-api and agent; jq away.

What’s not included

  • APM / tracing: not yet. OpenTelemetry support is on the roadmap; the panel + agent currently emit log lines but not trace spans.
  • Continuous profiling: not shipped.
  • eBPF observability beyond Tetragon’s tripwires (M33): not shipped.