Work With System Monitor Agents

System Monitor Lite, Pro, and Collector Agents collect and forward log data to Data Processors. Additionally, System Monitor Pro or Collector Agents can also perform File Integrity Monitor (FIM) operations. When FIM detects changes in files and directories, the Agent generates a log and sends it to the Data Processor. For more information, see Networking and Communication.

For more information about downloads and installation, see System Monitor.

The Windows version of the Agent can also collect Event Logs remotely from other Windows hosts. It has an RFC 3164 compliant syslog server built in that can be used to collect syslog data transmitted over a network.

License System Monitors

One System Monitor Pro or Collector license is provided and assigned to the System Monitor that runs on each LogRhythm appliance. When you add a new System Monitor, it will be assigned a System Monitor Pro license if available. If a System Monitor Pro license is not available, a System Monitor Lite license is assigned.

• To view the agent functionality matrix, see LogRhythm Compatibility and System Monitor Functionality Guide.
• To view System Monitor Lite and System Monitor Pro or Collector features, see System Monitor Functionality by License: Lite vs. Pro/Collector.

Least Privileged Users

In some cases, a System Monitor will need to be created with least privilege user rights. This enables the System Monitor to exist in an environment outside the DMZ. In this case, the System Monitor needs limited access to other components such as the Performance Monitor. To configure the System Monitor with least privilege user rights, see Least Privileged User.