Notifications

How to Set Up Telegram Alerts for Server Security

Name: Inner Warden
Author: Inner Warden

March 18, 20267 min read

Your server is under attack at 3 AM. If you find out at 9 AM when you SSH in to check logs, the attacker had 6 hours of uninterrupted access. Real-time notifications change the timeline. Telegram puts security alerts in your pocket: on your phone, your desktop, your watch.

Inner Warden's Telegram integration goes beyond simple alerting. It is a two-way conversation with your server's security agent. You receive structured alerts with context, you can approve or deny actions with inline buttons, and you can ask the AI questions about what is happening on your server.

Why Telegram is ideal for security alerts

Always with you - phone, desktop, tablet, web. Wherever you are, the alert reaches you.
Rich formatting - Markdown messages with structured data, not plain text emails that get buried in your inbox.
Inline buttons - approve or deny security actions without opening a terminal. Tap a button, the action executes.
Free and unlimited - no per-message charges, no rate limits that matter for security alerting, no vendor lock-in.
End-to-end encryption available - secret chats for sensitive conversations if needed.

What security alerts look like

When Inner Warden detects and blocks an attacker, you receive a Telegram message with full context:

alertSSH brute-force blocked | 203.0.113.47

details12 failed logins in 34s | AbuseIPDB: 100% | GeoIP: Linode, SG

actionFirewall deny rule added | TTL 24h | reported to AbuseIPDB

Every alert includes the attack type, source IP, evidence summary, AI confidence score, action taken, and links to the full audit trail on the dashboard.

Bot commands

The Telegram bot supports commands that let you interact with your server's security status:

/statusCurrent server status + active incidents

/incidentsRecent incidents with severity and status

/askAsk the AI about your server's security

The /ask command is particularly powerful. You can ask natural language questions like "What happened last night?" or "How many IPs were blocked today?" and the AI answers based on your server's actual data.

The bot is read-only by design

An important security detail: the Telegram bot cannot execute commands on your server. It reads data and sends messages, but it has no execution capabilities. Even if someone compromised your Telegram account, they could not use the bot to harm your server.

This follows Inner Warden's core principle of AI isolation. The AI reads and recommends. The Rust runtime validates and executes. The Telegram bot reads and reports. No single component has unchecked access.

Set it up in 2 minutes

You need a Telegram bot token from @BotFather and your Telegram chat ID. The setup wizard handles both:

Install

curl -fsSL https://innerwarden.com/install | sudo bash

Configure Telegram

innerwarden notify telegram

The wizard asks for your bot token and chat ID, sends a test message, and saves the configuration. From that point, every security event generates a Telegram alert.

Verify

innerwarden status

Prefer Slack? That works too

Inner Warden also supports Slack webhooks for teams that use Slack instead of Telegram. Same structured alerts, same context. Configure with innerwarden notify slack. Both can run simultaneously if you want alerts in both channels.

What to do next

SSH brute-force detection - the most common alert type. Set up detection so Telegram has something to notify you about.
A real 24-hour attack log - see what a day of Telegram alerts looks like on a production server.
AI security without root - understand the isolation model that keeps the Telegram bot safe.