Getting Started

Get your servers protected in under 5 minutes

Quick Start

Apply for Beta Access

Log Into Your Dashboard

Go to app.getprometheus.io and log in with your email and temporary password. You'll be prompted to change it.

Install the Agent

Copy your install command from the dashboard and run it on any Linux server. That's it - protection starts immediately.

Requirements

OS: Ubuntu 22.04+ (more distros coming soon)
Access: Root or sudo privileges
Python: Python 3.8 or higher
Network: Outbound HTTPS to api.getprometheus.io (port 443)

Installation

Run this command as root on any server you want to protect:

bash

curl -sSL https://getprometheus.io/install | sudo bash -s -- YOUR_CLIENT_ID

Replace YOUR_CLIENT_ID with the client ID shown in your dashboard.

✓

What gets installed

Agent files go to /opt/prometheus-agent/ and a systemd service is created. The agent starts automatically and survives reboots.

Verify it's running:

bash

sudo systemctl status prometheus-agent

Configuration File

The agent config lives at /opt/prometheus-agent/config.yaml. Here's the default:

/opt/prometheus-agent/config.yaml

agent:
  host_id: "your-hostname"
  core_url: "https://api.getprometheus.io"
  client_id: "prom_xxxxxxxxxxxx"
  secret_key: "your-secret-key"
  poll_interval_sec: 60

input:
  mode: "journal"
  auth_log_path: "/var/log/auth.log"

enforcement:
  enforce: false    # Set to true to enable blocking
  default_ttl_sec: 600
  max_blocks_per_hour: 20
  allowlist_cidrs:
    - "127.0.0.1/32"
    - "10.0.0.0/8"
    - "172.16.0.0/12"
    - "192.168.0.0/16"
    - "100.64.0.0/10"

policy:
  ssh_fail_threshold: 5    # Block after 5 failed attempts
  window_sec: 600          # Within 10 minute window
  portscan_port_threshold: 10    # Ports to trigger scan detection
  portscan_window_sec: 30       # Within this window
  ddos_conn_threshold: 100      # Connections to trigger DDoS detection
  ddos_window_sec: 10           # Within this window

After editing, restart the agent:

bash

sudo systemctl restart prometheus-agent

Options Reference

Option	Description	Default
poll_interval_sec	How often to send events to the server	60
enforce	Enable blocking (default is monitor-only for safety)	true
default_ttl_sec	How long to block an IP (seconds)	600
max_blocks_per_hour	Rate limit on blocks to prevent lockouts	20
allowlist_cidrs	IP ranges that are never blocked	Private ranges

Allowlist IPs

Add your office IP or VPN range to prevent accidental lockouts:

/opt/prometheus-agent/config.yaml

enforcement:
  allowlist_cidrs:
    - "127.0.0.1/32"
    - "10.0.0.0/8"
    - "203.0.113.50/32"    # Your office IP
    - "198.51.100.0/24"    # Your VPN range

⚠

Don't lock yourself out

Always add your current IP to the allowlist before enabling enforcement, especially on remote servers.

Dashboard

Your dashboard at app.getprometheus.io shows:

Threats Blocked - Total attacks stopped across all your servers
Active Threats - Unique attacker IPs seen in the last hour
Agents Online - How many of your servers are actively reporting
Protection Status - Which detection modules are active

Agent Commands

bash

# Check status
sudo systemctl status prometheus-agent

# Stop the agent
sudo systemctl stop prometheus-agent

# Start the agent
sudo systemctl start prometheus-agent

# Restart after config changes
sudo systemctl restart prometheus-agent

# View recent logs
sudo journalctl -u prometheus-agent --since "1 hour ago"

# Follow logs in real-time
sudo journalctl -u prometheus-agent -f

Viewing Logs

The agent logs to systemd journal. Watch attacks get detected in real-time:

bash

sudo journalctl -u prometheus-agent -f

You'll see output like:

{"ts": "2026-01-14T20:24:25", "src_ip": "51.89.1.86", "event_type": "ssh.auth.fail", "would_block": true}
[2026-01-14T20:24:25] BLOCKING 51.89.1.86 for 600s
✓ Sent 3 events to core

Troubleshooting

❌ Agent won't start

Check Python is installed: python3 --version. Needs 3.8+.

Check the logs: journalctl -u prometheus-agent -n 50

❌ Events not showing in dashboard

Verify the agent can reach the API: curl -I https://api.getprometheus.io/health

Check your client_id and secret_key in the config match your dashboard.

❌ Accidentally blocked myself

If you can still SSH (different IP or console access):

sudo iptables -L INPUT -n --line-numbers
sudo iptables -D INPUT [line_number]

Then add your IP to the allowlist in config.yaml.

Support

We're here to help:

Email: [email protected]
Response time: Within 24 hours for beta users

💡

When contacting support

Include your client ID, server OS, and output of journalctl -u prometheus-agent --since "1 hour ago"