I monitor my site extensively, especially people doing weird stuff on it.
I’ve a number of triggers and technologies set up, and I’m always swapping them in and out, with all logs going to Splunk.
From there I write custom filters for the types of things I want to know about immediately, get daily logs for, weekly reports, etc.
One of the things I monitor is people hitting my WordPress instance. Why do I run WordPress, you ask? First, it’s a decently competent CMS. Second, so I can do stuff like this.
The top image shows the countries that have most tried to log into my WordPress instance over the last 30 days. This one shows the most common passwords used.
[ NOTE: For these passwords and more, check out the SecLists Project here. ]
Half the fun of running a public server is closely watching what people are doing to it. Some people watch TV. I watch logs.
Here’s my post on how to log POST data on Nginx.