Workflow overview
Why this workflow matters
Relevant for managed services and support workflows.
Monitor VPS security with AI analysis via SSH and Telegram alerts This AlekSystem template automatically monitors your VPS for suspicious processes and network connections using AI analysis. It connects to your server via SSH, analyzes running processes, and sends Telegram alerts when potential security threats are detected. Who's it for System administrators managing VPS/dedicated servers DevOps teams monitoring production environments Security-conscious users who want automated threat detection Anyone running services on Linux servers who wants proactive monitoring How it works The workflow runs on a scheduled basis and performs the following steps: SSH Connection: Connects to your VPS via SSH and executes system commands to gather process and network information Data Collection: Runs ps aux --sort=-%cpu,-%mem && ss -tulpn to capture running processes sorted by CPU/memory usage and active network connections AI Analysis: Uses OpenAI's language model to analyze the collected data for suspicious patterns, malware signatures, unusual network connections, or abnormal resource usage Structured Output: Parses AI responses into structured data identifying malicious and suspicious activities with explanations Alert System: Sends immediate Telegram notifications when malicious processes are detected Requirements SSH access** to your VPS with valid credentials OpenAI API key** for AI analysis (uses GPT-4 mini model) Telegram Bot** and chat ID for receiving alerts Linux-based VPS or server to monitor How to set up Configure SSH credentials: Set up SSH connection to your VPS in the "Execute a command" node Add OpenAI API key: Configure your OpenAI credentials in the "OpenAI Chat Model" node Set up Telegram bot: Create a Telegram bot and get the API token Get your Telegram chat ID Update the admin_telegram_id in the "Edit Fields" node with your chat ID Configure Telegram credentials in the "Send a text message" node Adjust schedule: Modify the "Schedule Trigger" to set your preferred monitoring frequency Test the workflow: Run a manual execution to ensure all connections work properly How to customize the workflow Change monitoring frequency**: Adjust the schedule trigger interval (hourly, daily, etc.) Modify analysis criteria**: Update the AI prompt in "Basic LLM Chain" to focus on specific security concerns Add more commands**: Extend the SSH command to include additional system information like disk usage, log entries, or specific service status Multiple servers**: Duplicate the SSH execution nodes to monitor multiple VPS instances Different alert channels**: Replace or add to Telegram with email, Slack, or Discord notifications Custom filtering**: Add conditions to filter out known safe processes or focus on specific suspicious patterns Good to know The AI model analyzes both running processes and network connections for comprehensive monitoring Each analysis request costs approximately $0.001-0.01 USD depending on system activity The workflow only sends alerts when malicious or suspicious activity is detected, reducing notification noise SSH commands require appropriate permissions on the target server Consider running this workflow from a secure, always-on AlekSystem instance for continuous monitoring
Best fit
Categories
Services
Use cases
Need another direction?