Skip to content
Seerflow

Configuration Reference

Configuration File

Section titled “Configuration File”

Seerflow loads configuration from seerflow.yaml in the current working directory. If no file is found, sensible defaults are used.

Environment Variables

Section titled “Environment Variables”

All string values support ${VAR} and ${VAR:-default} interpolation:

storage:
  postgresql_url: ${DATABASE_URL:-postgresql://localhost/seerflow}

Full Reference

Section titled “Full Reference”
# Storage backend
storage:
  backend: sqlite              # sqlite | postgresql
  data_dir: ""                 # XDG default: ~/.local/share/seerflow
  sqlite_path: ""              # default: <data_dir>/seerflow.db
  postgresql_url: ""           # required if backend: postgresql


# Log receivers
receivers:
  syslog_enabled: true
  syslog_udp_port: 514
  syslog_tcp_port: 601
  otlp_grpc_enabled: true
  otlp_grpc_port: 4317
  otlp_http_enabled: true
  otlp_http_port: 4318
  file_paths: []               # list of file paths to tail


# ML detection
detection:
  hst_window_size: 1000
  hst_n_trees: 25
  dspot:
    calibration_window: 1000
    risk_level: 0.0001
  weights_content: 0.30
  weights_volume: 0.25
  weights_sequence: 0.25
  weights_pattern: 0.20


# Alerting
alerting:
  dedup_window_seconds: 900
  webhooks: []
  pagerduty_routing_key: ""


# LLM (optional)
llm:
  backend: ""                  # ollama | openai | anthropic
  model_path: ""
  ollama_url: http://localhost:11434


# General
dashboard_port: 8080
log_level: INFO                # DEBUG | INFO | WARNING | ERROR | CRITICAL