Cisco Secure Endpoint Linux Connector Compatibility on RHEL/CentOS/Oracle Linux 7.8

Available Languages

Download Options

  • PDF     (10.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (86.3 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (73.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:February 17, 2022
Document ID:215531

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

Cisco Secure Endpoint Linux connector versions 1.12.4 and earlier are not compatible with Red Hat Enterprise Linux, CentOS and Oracle Linux 7.8. On this operating system version, the connector may report as operating normally, however, file Rename and Network Access Monitoring events will not be detected by the connector. Upgrade to connector version 1.12.5 or later for full compatibility with Red Hat Enterprise Linux, CentOS and Oracle Linux Red Hat Compatible Kernel (RHCK) 7.8.

Prerequisites

Connector Version

  • Official support in connector versions 1.12.5 and later.

Operating System

  • RHEL/CentOS/OL 7.8:
    • Oracle Linux is supported with RHCK in connector versions 1.12.5 and later.

Note: Oracle Unbreakable Enterprise Kernel (UEK) is supported in connector versions 1.18.0 and later. Refer to the Cisco Secure Endpoint Linux Connector OS Compatibility article for more information.

Kernel Version

  • 3.10.0-1127.el7.x86_64 or later.

Incompatibility

Conditions

  • Connector versions 1.12.4 and earlier.
  • From a terminal window running the commanduname -rreturns3.10.0-1127.el7.x86_64or a later kernel version.

Symptoms

  • From theCisco Secure Endpoint Console, Customers may notice that File Rename and Network Events are not being detected by the connector, and therefore not seen in Device Trajectory.
  • From a terminal window running the commandsudo cat /var/log/messages | grep "kernel: ampnetworkflow: <info> _msg_send_offset: peer disconnected"returns multiple results, indicating a failure in the ampnetworkflow kernel module used by the connector.

Resolution

Connector Upgrade

  • Upgrading to connector versions 1.12.5 or later will alleviate incompatibility issues on RHEL/CentOS/OL 7.8.

Additional Resources

Linux OS Compatibility

Cisco Secure Endpoint Linux Connector OS Compatibility

Linux Reboot Requirements

Cisco Secure Endpoint Linux Connector Update Reboot Requirements

Linux User Guide

Cisco Secure Endpoint Linux Connector User Guide

Revision History

Revision Publish Date Comments
2.0
17-Feb-2022
Added note on support for Oracle UEK
1.0
15-May-2020
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Alex Yakimenko
    Cisco

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products