# JA4Sentinel Configuration
# Default configuration file for ja4sentinel service

core:
  # Network interface to monitor (use 'ip link' to list available interfaces)
  interface: eth0
  
  # TCP ports to monitor for TLS handshakes
  listen_ports:
    - 443
    - 8443
  
  # Optional BPF filter (leave empty for default port-based filter)
  bpf_filter: ""
  
  # Timeout in seconds for TLS handshake extraction per flow
  flow_timeout_sec: 30

# Output configuration - enable one or more outputs
outputs:
  # Log to stdout (captured by journald)
  - type: stdout
    enabled: true
  
  # Log to file (optional)
  # - type: file
  #   enabled: false
  #   params:
  #     path: /var/log/ja4sentinel/ja4.json
  
  # Log to UNIX socket (optional, for external processing)
  # - type: unix_socket
  #   enabled: false
  #   params:
  #     socket_path: /var/run/ja4sentinel/ja4.sock