# Role: monitoring

## Description
Installs comprehensive system monitoring tools and custom monitoring scripts for performance analysis and security monitoring.

## Requirements
- Ansible 2.9+
- Debian/Ubuntu systems
- Sufficient disk space for logs

## Installed Tools
- **htop**: Interactive process viewer
- **btop**: Modern system monitor (from apt or binary)
- **iotop**: I/O monitoring
- **nethogs**: Network usage per process
- **iftop**: Network bandwidth monitoring
- **ncdu**: Disk usage analyzer
- **fail2ban**: Intrusion prevention
- **logwatch**: Log analysis and reporting

## Custom Scripts
- `/usr/local/bin/monitoring/sysinfo`: System overview dashboard
- `/usr/local/bin/monitoring/netinfo`: Network monitoring script

## Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `monitoring_install_htop` | `true` | Install htop process viewer |
| `monitoring_install_fail2ban` | `true` | Install intrusion prevention |
| `monitoring_install_logwatch` | `true` | Install log analysis |
| `monitoring_custom_scripts` | `true` | Install custom monitoring scripts |

## Dependencies
- `base` role (for basic packages)

## Example Playbook

```yaml
- hosts: servers
  roles:
    - role: monitoring
      monitoring_install_fail2ban: false
```

## Tags
- `monitoring`: All monitoring tasks
- `tools`: Tool installation only
- `scripts`: Custom script deployment
- `security`: Security monitoring tools

## Fail2ban Configuration
- **SSH protection**: Enabled by default
- **Ban time**: 10 minutes
- **Find time**: 10 minutes  
- **Max retry**: 5 attempts

## Notes
- Creates monitoring user directories
- Configures fail2ban with custom rules
- btop installed from apt on Debian 12+, or from GitHub binary on older versions
- Custom scripts require manual execution