System Monitor (SysMon)
220.127.116.119 and 18.104.22.1680 (*NIX)
This System Monitor Agent release is compatible with LogRhythm SIEM core versions that have not reached their end of life date. For more information, see End of Life Policies for Software and Hardware.
Microsoft .NET Framework 4.7.2 or higher
LogRhythm System Monitor Agents for Windows require the Microsoft .NET Framework 4.7.2 or higher.
Before upgrading your System Monitor Agent, confirm that .NET Framework 4.7.2 or higher is installed.
For information on determining which .NET version is installed, see https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed .
If necessary, install .NET Framework 4.7.2 or higher and reboot your system. Because of the required reboot, we recommend that you perform this installation during off-peak hours.
Every Beat configuration now includes the option to send JSON parsing directly to a System Monitor Agent. For more details, see Configure Beats for JSON Parsing.
Open Collector and Beat management is now available in the Web Console. For more details, see Log Collection in Web Console.
Microsoft Visual C++ upgraded to version 2022.
LogRhythm has deprecated Check Point collection via OPSEC LEA in favor of the newer Check Point Log Exporter. Support for OPSEC LEA was removed starting with LogRhythm System Monitor Collector version 22.214.171.12404 and results in an error in the scsm.log file if this collection method is used. Customers who need to use OPSEC LEA for collection should not upgrade agents past System Monitor 126.96.36.19902 release. For information on how to configure Check Point Log exporter, see Syslog - Check Point Log Exporter device configuration guide.
Found in Version
The recommended value and the default value of the OriginalMessage are now set to True for an Agent in the Advanced Properties of the Client Console.
The Syslog timestamp UTC offset calculation now correctly calculates the UTC offset value.
Resolved Issues - Security
Resolved security-related defects can be viewed on the Community.