Monitor
Tails /var/log/auth.log in real time. Streams events through a Docker engine with a host-side responder for nftables access.
Rivet tails /var/log/auth.log, detects brute-force in real time, and blocks attackers with nftables — then pings you on Slack, Discord, or any of nine channels.
An always-on agent that does the boring security work so you don't have to babysit fail2ban configs at 2 AM.
Tails /var/log/auth.log in real time. Streams events through a Docker engine with a host-side responder for nftables access.
Pattern-matches SSH brute-force, scans, and anomalous traffic. Tunable threshold + window — defaults to 5 failures in 60 seconds.
Installs nftables rules instantly. Auto-unblock after 24h, or keep permanent. CIDR allowlist for your office and bastion hosts.
Four steps. No agent fleet, no SaaS dependency, no log shipping off your box.
/var/log/auth.log
pattern · threshold
nftables rule
9 channels
Slack · Discord · Email · Telegram · Webhook · ntfy · Signal · WhatsApp · Pushover
No seats, no MRR, no surprise renewals. Buy it once, run it on as many of your own VPS as you like.
The installer pulls the engine container, sets up the host-side responder, opens the console on :3000, and prints your API token.