Inside the box
See what external checks can't
A ping from the outside only confirms your front door answers. An agent on the box reports the things that actually take you down — a pegged CPU, a filling disk, a creeping load average.
- Runs behind NAT, in private subnets, on bare metal
- Reports CPU, memory, disk and load from the source
- No public endpoint required on your server
Built to be invisible
Small, safe, and quiet
The agent is designed to be the least interesting thing running on your server.
Static Rust binary
One self-contained executable. No interpreter, no Docker, no dependency hell.
Outbound HTTPS only
No inbound ports, no firewall changes. Works behind NAT and in private subnets.
Featherweight
Negligible CPU and memory footprint — it watches the box, it doesn’t load it.
Self-updating
Platform-proxied updates with Ed25519 + SHA-256 verification, end to end.
Least privilege
Reads system metrics only. No application data, no logs, no file contents.
systemd native
Installs as a service, starts on boot, and restarts itself if it ever stops.
Don't trust us - read the code
The ConnLog agent is fully open source. Review every line that runs on your infrastructure before you install it.
Fully auditable
Every line of code that runs on your server is public. No obfuscated binaries, no hidden telemetry.
Written in Rust
Memory-safe, statically-linked binary with zero runtime dependencies. Runs anywhere Linux runs.
Verified updates
Release integrity is checked with SHA-256 on install, and update payloads are verified before rollout.
Minimal footprint
One heartbeat every 60 seconds. No background scans, no port listeners, no root daemon.
Build it yourself in seconds:
git clone https://github.com/connlog/agent.git && cargo build --release