How to be aware of what is happening on your server?
More specifically, by what means can you usually monitor everything that happens on the server?
Say I finish my server, written in Node, and I print everything of interest to the console: requests to the server, and so on.
How do I then connect to this same console, via ssh for example?
Also, any changes to files on the server. Somehow system administrators receive data after an attack, let's say what has been changed and to what.
I do not fully understand the technology, I will be grateful for the help.
zabbix, we make triggers, you can monitor the entire zoo of servers.
unsuccessful attempts to log into the server,
the status of hard drives and raid. (up to the temperature of each individual drive)
the status of free space on hard drives.
amount of free memory.
Logging seems to solve this problem. Article: winston: Pluggable async logging library for Node.js
If there is more than one server, and there is no embarrassment in the means to remove another one, I strongly advise you to read about it: www.zabbix.com/ru
But this is about monitoring the server itself, and regarding the code, you need a logging system to files, but think it over well in advance, whether to split the logs by day/message type, in which environment what to write, etc.
Put up a statistics graph, munin for example. If there is something suspiciously abnormal against the usual on the charts, then look at the logs.
this way you can monitor several servers in a common interface
The easiest automated way is to connect monitoring: https://www.datadoghq.com/. Free of charge up to 5 servers and much easier than zabbix by an order of magnitude.
Zabbix + Munin is already the de facto standard. You can monitor anything.
To track changes in files, you can install: AIDE as one of the simple solutions, etckeeper is a more serious tool.
If you just want to get a report on the server, then logwatch.
It is better to get data from DDoS attacks from your hosting provider. They most likely collect statistics from network equipment with Flow Spec and know what traffic went where.
PS: this is the easiest set of tools to start with
We make an output in a text file. We write a script on the same node. When necessary, display everything suspicious.
A trigger is created on the router: deviation from normal behavior.
Basic: the request contains a new combination of characters, unlike regular requests.
After that, a detailed log of this IP (with an indication of the session ID inside the log itself) is automatically included in a separate file with a simultaneous notification to the admin.
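One way to implement the trigger described in the answer above, as an added example that is not part of the original thread: a Node script learns which character-pair shapes occur in regular request URLs, then flags any IP whose request contains unseen pairs and returns that IP's full trail with session IDs. The JSON-lines log format, the field names (ts, ip, sid, url) and the sample lines are constructed assumptions.

```javascript
// Constructed sample logs: one JSON object per line. Field names are assumptions.
const BASELINE_LOG = [
  '{"ts":"2024-05-01T10:00:02Z","ip":"198.51.100.7","sid":"s1","url":"/api/items?page=2"}',
  '{"ts":"2024-05-01T10:00:05Z","ip":"198.51.100.9","sid":"s2","url":"/api/items/15"}',
  '{"ts":"2024-05-01T10:00:09Z","ip":"198.51.100.9","sid":"s2","url":"/static/app.js"}',
].join('\n');
const NEW_LOG = [
  '{"ts":"2024-05-02T09:00:00Z","ip":"203.0.113.5","sid":"s9","url":"/api/items?page=3"}',
  '{"ts":"2024-05-02T09:00:01Z","ip":"203.0.113.5","sid":"s9","url":"/static/../../app.js"}',
  'truncated line that is not JSON',
  '{"ts":"2024-05-02T09:00:03Z","ip":"198.51.100.7","sid":"s1","url":"/api/items/99"}',
].join('\n');

// Letters and digits collapse to classes so "page=2" and "page=3" look alike.
function bigrams(url) {
  const s = url.replace(/[A-Za-z]/g, 'a').replace(/[0-9]/g, '0');
  const out = new Set();
  for (let i = 0; i + 1 < s.length; i++) out.add(s.slice(i, i + 2));
  return out;
}

// Parse log text, counting malformed lines instead of crashing on them.
function parseLines(text) {
  const entries = [];
  let malformed = 0;
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    try {
      const e = JSON.parse(line);
      if (typeof e.ip !== 'string' || typeof e.url !== 'string') throw new Error('bad entry');
      entries.push(e);
    } catch { malformed++; }
  }
  return { entries, malformed };
}

// One alert per IP that sent unseen character pairs, with that IP's full trail.
function detect(baselineText, newText) {
  const known = new Set(parseLines(baselineText).entries.flatMap((e) => [...bigrams(e.url)]));
  const { entries, malformed } = parseLines(newText);
  const unseenByIp = new Map();
  for (const e of entries) for (const b of bigrams(e.url)) {
    if (!known.has(b)) unseenByIp.set(e.ip, (unseenByIp.get(e.ip) || new Set()).add(b));
  }
  const alerts = [...unseenByIp].map(([ip, u]) => (
    { ip, unseen: [...u].sort(), trail: entries.filter((e) => e.ip === ip) }));
  return { alerts, malformed };
}
console.log(JSON.stringify(detect(BASELINE_LOG, NEW_LOG), null, 2));
```

Each alert's `trail` is what would be written to the separate per-IP file, and a non-empty `alerts` array is the point at which to notify the admin.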
1) control panel with all sorts of monitoring plugins. The only more or less option here is ajenti.
2) a more serious option - zabbix, there you already write what you want and how you want
3) munin - only graphics. Also a bunch of plugins, it's very easy to write it yourself.