These docs are for Cribl Edge 4.10 and are no longer actively maintained.
See the latest version (4.14).
Anti-Virus Exceptions
If you are running anti-virus software on a Edge instance’s host OS, here are general guidelines for minimizing accidental blockage of Edge’s normal operation.
Your overall goals are to prevent the anti-virus software from locking any files while Edge needs to write to them, and from triggering any changes that Edge would detect as needing to be committed.
First, if Persistent Queues are enabled on any Destinations, exclude any directories that these Destinations write to. This is especially relevant if you’re writing queues to any custom locations outside of $CRIBL_HOME.
Next, for any non-streaming Destinations that you’ve configured, exclude their staging paths.
Next, exclude these subdirectories of $CRIBL_HOME:
- state/
- log/
- .git/(usually only exists on Leader Nodes)
- groups/(on Leader Nodes)
- local/(on Edge or Leader)
Finally, avoid scanning any processes. Except for the queueing/staging directories already listed above, Edge runs everything in memory, so scanning process memory will slow down Edge’s processing and reduce throughput.