Qtap Guides

Standalone deployment guides for Qtap with local YAML-based configuration. Maximum control and flexibility for self-managed environments.

What You'll Learn

These guides cover:

  • Local configuration - Writing and managing qtap.yaml files

  • Storage backends - Configuring S3, MinIO, and other object stores

  • Traffic processing - Using plugins, stacks, and rulekit expressions

  • Conditional capture - Smart filtering to reduce noise and costs

  • Production deployment - Best practices for long-term operation

Available Guides

Complete Guide - From Hello World to Production

A progressive, hands-on tutorial that takes you from basic setup to production-ready configuration in four levels:

Level 1: Dead Simple - Verify It's Working (5 minutes)

  • Basic qtap configuration

  • Verify HTTPS visibility

  • Understand output format

Level 2: Basic Filtering and Selective Capture (10 minutes)

  • Filter out noisy processes

  • Apply different capture levels by domain

  • Use multiple stacks

Level 3: Conditional Capture with Rulekit (15 minutes)

  • Use rulekit expressions for intelligent capture

  • Create reusable macros

  • Capture only errors and specific request types

Level 4: Production Storage with S3 (20 minutes)

  • Configure S3-compatible object storage

  • Keep sensitive data in your network

  • Implement cost-effective storage strategies

Time to complete: 50 minutes total (or do one level at a time) Skill level: Beginner to Advanced

Starter Configuration - Stdout Only

The simplest possible Qtap setup - everything outputs to your terminal for immediate visibility.

Perfect for:

  • Quick testing and experimentation

  • Development environments

  • Understanding Qtap basics before adding complexity

What's included:

  • Minimal YAML configuration (15 lines)

  • Stdout-only output (no external services needed)

  • Test commands to verify it works

Time to complete: 5 minutes Skill level: Beginner

HTTPS Header Capture Without Proxies

Deep dive into how Qtap uses eBPF to capture HTTPS traffic without proxies, certificates, or decryption.

What you'll learn:

  • How eBPF hooks into TLS libraries (OpenSSL, GoTLS, etc.)

  • Capturing plaintext before encryption happens

  • Using rulekit expressions for conditional capture

  • Storing captured data in S3

  • Analyzing captured traffic with jq

Perfect for:

  • Understanding how eBPF enables TLS visibility

  • Security teams evaluating the technology

  • Advanced users who want granular control

Time to complete: 30 minutes Skill level: Intermediate

Why Choose Qtap Standalone?

Maximum Control

  • Full control over configuration via YAML

  • Version control your configs with git

  • No dependency on external control plane

Data Sovereignty

  • All data stays in your network

  • Configure your own S3-compatible storage

  • No external API calls (except to your chosen storage)

Flexibility

  • Run in air-gapped environments

  • Customize every aspect of traffic processing

  • Use with your existing tooling and workflows

Next Steps

New to Qtap? Start with the Complete Guide for a step-by-step introduction.

Just need basics? Try the Starter Configuration for a 5-minute setup.

Want centralized management? Check out the Qplane Guides for cloud-connected deployment.

PreviousHello World - Your First 30 MinutesNextComplete Guide - From Hello World to Production

Last updated