Hello all, some customer is asking to have an antivirus (!!?!?!?) on the Linux server running a Cribl Stream worker. I found some recommendations for Edge in the documentation, but nothing for Stream. Is it supported, for Stream, having such a configuration? Thanks a lot.
Thanks David. So this is applicable also for a distributed deployment.
#docs <@U03CJ90F91A> perhaps we should also add this info to our distributed deployment pages too.
Yes
That is likely depending a LOT on the actual AV used and its config.
Thanks again. Do you have some performance numbers on how much the Cribl system is degraded using this configuration?
Yes, it makes sense
From working endpoint security before, I can tell you that they need antivirus on all the things all the time or auditors get upset
Lack of AV on a Linux server can be mitigated by a subset of SELinux, file integrity tests, rootkit detectors, good monitoring, and especially auditable config. Flies with our auditors.
The ability to destroy and rebuild a node in minutes doesn't hurt either.
Yes, SELinux can be a good idea, but no one on the customer side is able to manage that.
Oh, that does complicate matters. /condolences