Skip to main content
Skip table of contents

Realtime File Integrity Monitor (FIM) Support by Operating System

Realtime FIM is included with the System Monitor Lite License for desktop operating systems only. Standard or Realtime FIM on a server operating system requires a System Monitor Pro Agent.

LogRhythm System Monitor Agents Realtime FIM Support Levels
Operating System32-bit/64-bitRealtime FIM
Windows
Windows 732-bit

LS

Windows 764-bit

CS

Windows 832-bit, 64-bit

US

Windows 8.132-bit, 64-bit

CS

Windows 1032-bit, 64-bit

CS

Windows Server 200832-bit, 64-bit

US

Windows Server 2008, 2008 R2 (Server Core Installation)64-bit

US

Windows Server 2012, 2016 (Server Core Installation)64-bit

CS

Windows Server 201964-bit

CS

Windows Server 2019 (Server Core Installation)64-bit

CS

AIX
AIX 7.164-bit

CS

Debian
Debian 6.07 (kernel version 2.6.32)1 (audit version 1.7.18)232-bit, 64-bit

CS

Debian 7.11 (kernel version 3.2)1 (audit version 1.7.18)232-bit, 64-bit

CS

Debian 8.10 (kernel version 3.16.0-5)1 (audit version 2.4)264-bit

LS3

Debian 9 (kernel version 4.9.0-6)1 (audit version 2.6.7-2)264-bit

CS

Debian 10 (kernel version 4.19.0)1 (audit version 2.8.4)264-bit

CS

Ubuntu
Ubuntu 12.1 (kernel version 3.5)1 (audit version 1.7.18)264-bit

CS

Ubuntu 14.04 and 14.10 (kernel version 3.13 and 3.16)1 (audit version 2.3.2)2

64-bit

CS

Ubuntu 16.04 and 16.10 (kernel version 4.4 and 4.8)1 (audit version 2.4.5)264-bit

CS

Ubuntu 18.04 (kernel version 4.15.0-91-generic)1 (audit version 2.8.2)264-bit

CS

SUSE
openSUSE 11.0 (kernel version 2.6.25)1 (audit version 1.6.8)264-bit

CS

openSUSE 11.2 - 11.4 (≥ kernel version 2.6.31)1 (≥ audit version 1.7.13)264-bit

CS

openSUSE 12.1 - 12.3 (≥ kernel version 2.6.37)1 (≥ audit version 2.1.1)264-bit

CS

openSUSE 13.1 and 13.2 (kernel version 3.11.6 and 3.16.6)1 (audit version 2.2.3 and 2.4)2

64-bit

CS

Oracle Hardened Linux

Oracle Hardened Linux 5 (kernel version 2.6.39-400.209.1.el5uek)1 (audit version 1.8-2.0.1)2

32-bit, 64-bit

CS

Oracle Hardened Linux 6 (kernel version 2.6.39-400.17.1.el6uek)1 (audit version 2.2)2

64-bit

CS

Oracle Hardened Linux 7.0 - 7.4 (≥ kernel-uek-3.8.13-35.3.1.el7uek)1 (≥audit version 2.3.3)2

64-bit

CS

Red Hat Enterprise Linux/CentOS

Red Hat Enterprise Linux/CentOS 5.3 onwards (≥ kernel version 2.6.18-128.el5)1 (≥ audit version 1.7.7)2


32-bit, 64-bit

CS

Red Hat Enterprise Linux/CentOS 6.0 onwards (≥ kernel version 2.6.32-71.el6)1 (≥ audit version 2.0.4)2


32-bit, 64-bit

CS

Red Hat Enterprise Linux/CentOS 7.0 - 7.4 (≥ audit version 2.3.3)2

32-bit

CS

Red Hat Enterprise Linux/CentOS 7.5 - 7.8 (audit version 2.8.5)2x86_64-bit

CS

Red Hat Enterprise Linux 8.1 - 8.2 (≥ kernel version 4.18.0-147.5.1.el8)1 (≥ audit version 3.0)2

64-bit

CS

1 When kernel versions are noted, indicates that Realtime FIM is only supported on the specified kernel versions. To check the kernel version, run the 'uname -r' command.
2 When audit versions are noted, indicates that Realtime FIM is only supported on the specified audit versions. To check the audit version, run the ‘auditctl -v' command.
At the time of release, Debian had a bug causing support to be limited. Support will begin as soon as the bug is addressed.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.