      petacomm.io
      ›
      Server Tools
      ›
      GateBell
    

SSH Gateway Monitor · v1.0 · New Release

Know every SSH connection
the moment it happens.

GateBell watches every SSH event on your server and fires instant alerts with under 2ms latency. Real-time gateway visibility — Slack, Discord, email or any webhook. Never be surprised by an unexpected login again.

Real-time SSH gateway visibility

GateBell integrates with PAM to intercept SSH events directly — no changes to sshd_config required. Runs as a 4 MB daemon with no sidecars, no Java runtime, no Elasticsearch.

Download GateBell Full Documentation ›

#GateBell #NewRelease #v1.0

What Is GateBell

SSH monitoring with
no compromises.

GateBell is a real-time SSH gateway monitor. It watches every connection attempt, successful login, logout and port event on your server and delivers instant alerts — without any overhead that would slow your system down.

GateBell hooks into PAM (Pluggable Authentication Modules) so it intercepts events before they reach the shell. There is nothing to change in your SSH configuration. No agents, no proxies, no network tap required.

Every event is logged in structured JSON and can be exported to any SIEM, ELK Stack or Splunk pipeline. IP geo-location and reputation checks run on every connection automatically.

No API key needed. GateBell has no external dependencies. Unlike Petacomm Easy, it requires no cloud service — it works entirely on-premises.

gatebell — live log v1.0

# Real-time SSH gateway events
user@server:~$ gatebell watch

[09:14:02] LOGIN [email protected] DE · known
[09:14:11] LOGIN [email protected] LAN · known
[09:15:37] ATTEMPT [email protected] TOR · blocked
alert sent → slack#security
[09:15:38] ATTEMPT [email protected] auto-banned
[09:22:05] LOGOUT [email protected] session: 8m
[09:30:19] LOGIN [email protected] LAN · known

✓ Watching 3 interfaces — 1 ban active

user@server:~$

Alert Latency vs Alternatives

GateBell

<2ms

fail2ban

~850ms

ossec

~620ms

sshguard

~480ms

GateBell · v1.0

Everything you need
to watch your gateway.

Simple to install. Powerful in production.

GateBell is designed to be installed in under five minutes and never require maintenance. It watches silently in the background and speaks up only when something needs your attention.

Real-time SSH detection — under 2ms from event to alert
Instant notifications — Slack, Discord, email, PagerDuty, webhook
IP geo-location — country and city for every connection
IP reputation checks — TOR exit nodes, VPNs and scanners flagged automatically
Auto-ban rules — configurable threshold, duration and whitelist
Port monitoring — open, close and anomaly events logged
Multi-server dashboard — one view across all your hosts
Rule engine — allow, alert, ban or log per IP, range, user or country
REST API — manage bans and query events programmatically
SIEM compatible — structured JSON log for ELK Stack, Splunk and more
PAM integration — no SSH config changes, no agent install
4 MB memory — lightweight daemon, zero runtime dependencies

Download GateBell Documentation ›

Instant Alerts

Under 2ms from event to notification. Reach your team via Slack, Discord, email or any webhook.

Geo-location

Every connection is checked against IP databases. Country, city and ASN displayed in the live log.

Auto-ban Rules

Configure thresholds. GateBell writes firewall rules automatically and notifies you on every ban.

Traffic Analytics

Per-port request rates, connection counts and bandwidth in historical graphs. Prometheus export included.

Multi-server Hub

Monitor dozens of servers from a single central dashboard. SSH tunnel or agent-based — your choice.

Audit Log

Structured JSON event log for every connection, rule change and alert. SIEM, ELK Stack and Splunk ready.

Alert Channels

Reach your team
wherever they are.

Configure one or more alert channels. GateBell sends to all of them simultaneously when a rule is triggered.

/etc/gatebell/alerts.conf — Slack

[slack]

enabled     = true

webhook_url = https://hooks.slack.com/services/T.../B.../xxx

channel     = #security

on_events   = login,attempt,ban

# on_events options: login, logout, attempt, ban, port_open, port_close, *

/etc/gatebell/alerts.conf — Discord

[discord]

enabled     = true

webhook_url = https://discord.com/api/webhooks/xxx/yyy

on_events   = attempt,ban

[email]
enabled = true
smtp_host = smtp.example.com
smtp_port = 587
smtp_user = [email protected]
smtp_pass = your-password
to = [email protected]
on_events = ban,critical

/etc/gatebell/alerts.conf — Custom Webhook

[webhook]

enabled    = true

url        = https://your-endpoint.example.com/gatebell

method     = POST

headers    = Authorization: Bearer your-token

on_events  = *

# Payload sent as JSON: {event, ip, user, country, ts, rule}

Test your alert channels at any time with gatebell test-alert — GateBell will fire a test notification to all configured channels and show you the result.

Installation

Install GateBell
in under 5 minutes.

No API key required. No reboot. No changes to your SSH configuration.

Install the package

Choose your package manager. The repository is the same for all distros — GateBell auto-detects your system.

bash — Debian / Ubuntu

$ sudo apt install gatebell

bash — Arch Linux

$ yay -S gatebell

bash — RHEL / Fedora

$ sudo dnf install gatebell

bash — standalone binary

$ wget https://releases.petacomm.io/gatebell/v1.0.3/gatebell-linux-amd64

$ chmod +x gatebell-linux-amd64

$ sudo mv gatebell-linux-amd64 /usr/local/bin/gatebell

Configure your first alert channel

Add at least one notification channel. Slack webhook is the quickest to set up.

/etc/gatebell/alerts.conf

[slack]

enabled     = true

webhook_url = https://hooks.slack.com/services/YOUR/WEBHOOK/URL

channel     = #security

on_events   = login,attempt,ban

Enable and start the service

bash

$ sudo systemctl enable --now gatebell

✓ GateBell active — watching 3 interfaces

Test your alert channel

Send a test notification to verify your setup before relying on it in production.

bash

$ gatebell test-alert

✓ Test notification sent to slack#security

✓

GateBell is now watching your server

bash

$ gatebell status

● gatebell    running   uptime: 2m

● watching    eth0, lo, docker0

● alerts      slack#security

● ban list    0 active bans

Main configuration

Config file: /etc/gatebell/gatebell.conf

Key	Default	Description
interfaces	*	Interfaces to monitor (comma-sep or *)
ban_threshold	5	Failed attempts before auto-ban
ban_window_sec	60	Window for counting failed attempts
ban_duration_min	1440	Ban duration in minutes (1440 = 24h)
geo_lookup	true	Enable IP geo-location lookup
audit_log	/var/log/gatebell/events.log	Structured JSON event log path
log_format	json	Log format: json or text
api_port	7475	REST API listening port

Example rule config

/etc/gatebell/rules.conf

# Allow office LAN silently — no alerts

allow ip_range=192.168.1.0/24 silent=true

# Allow known admin IPs with label

allow ip=203.0.113.10 label="home-admin"

# Instantly ban TOR exit nodes

ban   reputation=tor duration=permanent

# Alert on any root login attempt

alert user=root action=attempt channel=slack,email

Pro tip: Add your office IP range as allow silent=true to prevent alert fatigue from your own team's connections.

Supported Distributions

Ubuntu Debian Arch RHEL Fedora Alpine +12 more

REST API

Manage GateBell
programmatically.

GateBell exposes a local REST API on port 7475 by default. All endpoints require the API token set in your config.

Set your API token

bash

$ sudo gatebell config set api_token your-secret-token

Example — query recent events

bash

$ curl -H "Authorization: Bearer your-token" \

     http://localhost:7475/api/events?type=attempt&limit=10

{ "events": [

  { "ts": "2026-04-28T09:15:37Z",

    "type": "attempt",

    "ip": "185.220.x.x",

    "user": "root",

    "country": "TOR",

    "banned": true }

] }

Endpoints

Method + Path	Description
GET /api/status	Daemon health, uptime, interface count
GET /api/events	Recent events — filterable by type, IP, user
GET /api/bans	List all currently active IP bans
POST /api/bans	Manually add an IP to the ban list
DELETE /api/bans/:ip	Remove an IP from the ban list
GET /api/rules	List all configured rules
POST /api/test-alert	Send test notification to all channels
GET /api/metrics	Prometheus-format metrics endpoint

Know every SSH connectionthe moment it happens.

SSH monitoring withno compromises.

Everything you needto watch your gateway.

Reach your teamwherever they are.

Install GateBellin under 5 minutes.

Install the package

Configure your first alert channel

Enable and start the service

Test your alert channel

GateBell is now watching your server

Main configuration

Example rule config

Manage GateBellprogrammatically.

Set your API token

Example — query recent events

Endpoints

Know every login before your team does.

Know every SSH connection
the moment it happens.

SSH monitoring with
no compromises.

Everything you need
to watch your gateway.

Reach your team
wherever they are.

Install GateBell
in under 5 minutes.

Manage GateBell
programmatically.