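# Default configuration file for ja4sentinel
# This file is installed as /etc/ja4sentinel/config.yml.default
#
# NOTE(review): the layout below was restored from a copy that had been
# collapsed onto a single line, where the leading '#' turned the whole file
# into one comment (an empty document). Nesting is reconstructed from key
# order; confirm against the packaged file that `outputs` is a top-level key.
---
core:
  # Network interface to capture traffic from
  # Will be overridden by JA4SENTINEL_INTERFACE env var if set
  # Packet capture normally needs root or CAP_NET_RAW; grant that only to
  # the account the service runs as.
  interface: eth0

  # TCP ports to monitor for TLS handshakes
  # TLS listeners on ports not listed here are not fingerprinted.
  listen_ports:
    - 443
    - 8443

  # Optional BPF filter (leave empty for auto-generated filter based on
  # listen_ports)
  # A custom filter presumably replaces the auto-generated one, so check that
  # it still matches every port in listen_ports and nothing broader.
  bpf_filter: ""

  # Timeout in seconds for TLS handshake extraction (default: 30)
  flow_timeout_sec: 30

  # Buffer size for packet channel (default: 1000, increase for high-traffic
  # environments)
  # NOTE(review): behaviour when the channel is full is not stated here; if
  # packets are dropped, handshakes go unrecorded, so watch for drops under
  # load.
  packet_buffer_size: 1000

outputs:
  # Output to stdout (JSON lines) - disabled by default for production
  - type: stdout
    enabled: false
    params: {}

  # Output to file
  # The log holds TLS client fingerprints (and presumably connection
  # metadata); keep /var/log/ja4sentinel owned by the service account,
  # readable only by the log consumers, and under log rotation.
  - type: file
    enabled: true
    params:
      path: /var/log/ja4sentinel/ja4.log

  # Output to UNIX socket (for systemd/journald or other consumers)
  # Access to the socket is governed by its file mode and parent directory;
  # restrict both so only the intended consumer can connect. Disable this
  # output if nothing consumes it.
  - type: unix_socket
    enabled: true
    params:
      socket_path: /var/run/ja4sentinel.sock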