The metlo-config.yaml file allows you to customize various aspects of Metlo’s behavior, including trace capture, host mappings, authentication configurations, and data detection settings.

Configuration Location

The configuration file is mounted into the Metlo ingestor container:
volumes:
  - ./metlo-config.yaml:/usr/src/app/backend/metlo-config.yaml

Configuration Options

Global Trace Capture

Control whether Metlo captures full request/response traces for all endpoints.
globalFullTraceCapture (boolean, default: false)
Enable full trace capture for all API endpoints. When enabled, Metlo stores complete request and response data for analysis.
globalFullTraceCapture: true
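Note: Enabling global trace capture increases storage requirements, and the stored traces hold the complete request and response data, including any sensitive values in them. Use endpoint-specific capture when possible.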

Minimum Analyze Traces

Set the minimum number of traces required before Metlo analyzes an endpoint.
minAnalyzeTraces (number, default: 100)
Minimum number of traces collected before endpoint analysis begins.
minAnalyzeTraces: 100

Host Mapping

Map internal hostnames to public-facing domains using regex patterns.
hostMap (array)
Array of host mapping objects that map internal hosts to external hosts using regex patterns.
hostMap[].host (string, required)
The target hostname to map to.
hostMap[].pattern (string, required)
Regular expression pattern to match against incoming hostnames.
hostMap:
  - host: "api.example.com"
    pattern: "^internal-api-.*\\.prod\\.local$"
  - host: "staging.example.com"
    pattern: "^.*\\.staging\\.local$"

Host Block List

Exclude specific hosts from Metlo’s monitoring.
hostBlockList (array)
Array of regex patterns for hosts to exclude from monitoring.
hostBlockList:
  - "^localhost$"
  - "^127\\.0\\.0\\.1$"
  - ".*\\.internal\\.local$"

Path Block List

Exclude specific paths on certain hosts from monitoring.
pathBlockList (array)
Array of path blocking rules by host.
pathBlockList[].host (string, required)
Regular expression pattern to match the host.
pathBlockList[].paths (array, required)
Array of regex patterns for paths to block on this host.
pathBlockList:
  - host: "api.example.com"
    paths:
      - "^/health$"
      - "^/metrics$"
      - "^/internal/.*"

Authentication Configuration

Define authentication schemes for your API endpoints.
authentication (array)
Array of authentication configuration objects.
See the Authentication documentation for detailed configuration options.
authentication:
  - host: "api.example.com"
    authType: "jwt"
    headerKey: "Authorization"

Custom Words

Add custom keywords to improve sensitive data detection.
customWords (array)
Array of custom words/patterns to enhance data classification detection.
customWords:
  - "customerID"
  - "accountNumber"
  - "secretKey"

Ignored Detections

Suppress specific data field detections to reduce false positives.
ignoredDetections (array)
Array of detection rules to ignore.
ignoredDetections[].host (string)
Host pattern to match.
ignoredDetections[].path (string)
Path pattern to match.
ignoredDetections[].method (string)
HTTP method (GET, POST, PUT, DELETE, etc.).
ignoredDetections[].ignoredPaths (object, required)
Object mapping data sections to arrays of field paths to ignore.
ignoredDetections:
  - host: "api.example.com"
    path: "/users"
    method: "GET"
    ignoredPaths:
      resBody:
        - "users.*.id"
        - "users.*.displayName"

Complete Example

# Global trace capture settings
globalFullTraceCapture: false
minAnalyzeTraces: 100

# Host mappings
hostMap:
  - host: "api.example.com"
    pattern: "^api-prod-.*\\.internal$"

# Block monitoring for these hosts
hostBlockList:
  - "^localhost$"
  - ".*\\.internal\\.local$"

# Block specific paths
pathBlockList:
  - host: "api.example.com"
    paths:
      - "^/health$"
      - "^/metrics$"

# Custom detection keywords
customWords:
  - "customerID"
  - "accountNumber"

# Authentication configuration
authentication:
  - host: "api.example.com"
    authType: "jwt"
    headerKey: "Authorization"

# Suppress false positives
ignoredDetections:
  - host: "api.example.com"
    path: "/users"
    method: "GET"
    ignoredPaths:
      resBody:
        - "users.*.id"
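
A dry run of the host-map and block-list patterns from the complete example above, to show which traffic would drop out of monitoring. This is an added example, not Metlo's code: it assumes patterns are applied as unanchored JavaScript regular expressions in the order host block list, host map, path block list, and `classify`, `unanchored` and the sample hosts are constructed for illustration.

```javascript
// Added example, not Metlo code. Values copied from the Complete Example.
// Assumptions: patterns are unanchored JavaScript RegExp tests; hostBlockList
// is checked on the raw host, then hostMap, then pathBlockList on the result.
const config = {
  hostMap: [{ host: "api.example.com", pattern: "^api-prod-.*\\.internal$" }],
  hostBlockList: ["^localhost$", ".*\\.internal\\.local$"],
  pathBlockList: [{ host: "api.example.com", paths: ["^/health$", "^/metrics$"] }],
};

const hit = (pattern, value) => new RegExp(pattern).test(value);

// Decide whether one request would still be monitored, and under which host.
function classify(cfg, host, path) {
  if (cfg.hostBlockList.some((p) => hit(p, host))) {
    return { host, monitored: false, reason: "hostBlockList" };
  }
  const map = cfg.hostMap.find((m) => hit(m.pattern, host));
  const mapped = map ? map.host : host;
  const blocked = cfg.pathBlockList.some(
    (r) => hit(r.host, mapped) && r.paths.some((p) => hit(p, path))
  );
  if (blocked) return { host: mapped, monitored: false, reason: "pathBlockList" };
  return { host: mapped, monitored: true, reason: map ? "hostMap" : "unchanged" };
}

// List patterns missing a start or end anchor: they match substrings, so a
// block rule can silently exclude more hosts or paths than intended.
function unanchored(cfg) {
  const patterns = [
    ...cfg.hostBlockList,
    ...cfg.hostMap.map((m) => m.pattern),
    ...cfg.pathBlockList.flatMap((r) => [r.host, ...r.paths]),
  ];
  const anchoredStart = (p) => p.startsWith("^") || p.startsWith(".*");
  const anchoredEnd = (p) => p.endsWith("$") || p.endsWith(".*");
  return patterns.filter((p) => !(anchoredStart(p) && anchoredEnd(p)));
}

// Constructed sample traffic: [host, path]
const samples = [
  ["localhost", "/users"],
  ["api-prod-7.internal", "/users"],
  ["api-prod-7.internal", "/health"],
  ["old-api.example.com", "/metrics"],
];
for (const [host, path] of samples) {
  console.log(host + path, "->", JSON.stringify(classify(config, host, path)));
}
console.log("unanchored patterns:", unanchored(config));
```

Under these assumptions the `pathBlockList` host `api.example.com` is the only pattern reported as unanchored, and it also excludes `/metrics` on `old-api.example.com`; writing it as `^api\\.example\\.com$` limits the rule to the one host.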

Updating Configuration

After modifying metlo-config.yaml, restart the Metlo services:
docker-compose restart
You can also update configuration through the Metlo UI in Settings > Configuration.
