Question

Running antivirus in Linux with a Stream worker?

Forum|Forum|9 months ago
March 11, 2025
12 replies
1 view

Edward Bailey
Employee

Hello all, some customer is asking to have an antivirus (!!?!?!?) on the Linux server running a Cribl Stream worker. I found some recommendations for Edge in the documentation, but nothing for Stream. Is it supported, for Stream, having such a configuration? thanks a lot

David Maislin
Employee
Forum|Forum|9 months ago
March 11, 2025

https://docs.cribl.io/stream/deploy-single-instance#av|https://docs.cribl.io/stream/deploy-single-instance#av

Like

E

Edward Bailey
Author
Employee
Forum|Forum|9 months ago
March 11, 2025

Thanks David. So this is applicable also for a distributed deployment.

Like

David Maislin
Employee
Forum|Forum|9 months ago
March 11, 2025

<#C01BM8PU30V|docs> <@U03CJ90F91A> perhaps we should also add this info to our distributed deployment pages too.

Like

David Maislin
Employee
Forum|Forum|9 months ago
March 11, 2025

Yes

Like

X

xpac xpac
Participating Frequently
Forum|Forum|9 months ago
March 11, 2025

That is likely depending a LOT on the actual AV used and it's config

Like

E

Edward Bailey
Author
Employee
Forum|Forum|9 months ago
March 11, 2025

thanks again. Do you have some performance numbers, how much degraded is the cribl system using this configuration?

Like

E

Edward Bailey
Author
Employee
Forum|Forum|9 months ago
March 11, 2025

Yes, it makes sense

Like

M

mferris
Employee
Forum|Forum|9 months ago
March 11, 2025

From working endpoint security before, I can tell you that they need antivirus on all the things all the time or auditors get upset

Like

M

mferris
Employee
Forum|Forum|9 months ago
March 11, 2025

Lack of AV on a linux server can be mitigated by a subset of selinux, file integrity tests, root kit detectors, good monitoring, and especially auditable config. Flies with our auditors.