Skip to main content
Skip table of contents

7.10.0.8000 October 2022 Release Notes

Release Details

Software ComponentSystem Monitor (SysMon)
Version Number

7.10.0.8000 (Windows)

7.10.0.8000 (*NIX)

Compatibility

LogRhythm 7.10.0 GA

LogRhythm 7.9.0 GA

Microsoft .NET Framework 4.7.2


LogRhythm System Monitor Agents for Windows require the Microsoft .NET Framework 4.7.2. 

New Features

OAuth2.0 support has been added for Office 365 Message Tracking log collection. For more information on configuring the Office 365 Message Tracking log source, see API - Office 365 Message Tracking (Microsoft).

Upgrading to System Monitor version 7.10.0.8000 requires new fields to be added to previously configured Office 365 Message Tracking .ini files.

The following needs to be copied and pasted into existing .ini files, updating the Tenant ID, Client ID, and Client Secret as described in the API - Office 365 Message Tracking document. These fields are the OAuth2.0 replacement for the Basic Auth username and password fields.

CODE
# O365 Message Tracking Endpoint Hostname
# API details are available: https://msdn.microsoft.com/en-us/library/office/jj984335.aspx
Endpoint=reports.office365.com

# Tenant ID
TenantID =CHANGE_THIS

# Client ID
# Must be encrypted using the lrcrypt command line utility.
ClientID =CHANGE_THIS

# Client Secret
# Must be encrypted using the lrcrypt command line utility.
ClientSecret=CHANGE_THIS

Improvements

No new improvements in this release.

Deprecated Features

LogRhythm has deprecated Check Point collection via OPSEC LEA in favor of the newer Check Point Log Exporter. Support for OPSEC LEA was removed starting with LogRhythm System Monitor Collector version 7.7.0.8004 and results in an error in the scsm.log file if this collection method is used. Customers who need to use OPSEC LEA for collection should not upgrade agents past System Monitor 7.7.0.8002 release.  For information on how to configure Check Point Log exporter, see Syslog - Check Point Log Exporter device configuration guide.

Resolved Issues

Bug ID

Salesforce Case ID

Found in Version

Release Notes

DE129804161297.6.0The AIX agent now correctly monitors symbolic links using the policy time.
DE16415N/A7.9.0Using special characters in a connection string no longer causes an error in certain situations.

Resolved Issues - Security

No security-related resolved issues in this release.

Known Issues

Bug ID

Found In Version

ComponentsDescriptionRelease Notes
DE36417.4.7Windows AgentWhen a remote Agent is connected to the Mediator via VPN and the VPN gets refreshed, some users may experience connection issues with the Agent and receive errors indicating the position files are being used by another process

Expected Results: There should be no issues with the position file when collecting logs from a remote Agent.

Workaround: While there is no workaround for this issue, we are actively investigating a solution.

DE43247.4.6Agent

If a Log Source Virtualization (LSV) regex is greater than 1024 characters, the System Monitor will crash and disrupt log collection. Customers may receive several errors, including:

**WARNING** Configuration property length is greater than the maximum allowed, truncating to the maximum length.

Expected results: The Client Console should not allow a regex greater than 1024 characters since that is the limit on the System Monitor.

Workaround: If you experience this issue, contact your support team to assist in changing the LSV regex limit in the Client Console.

DE61667.3.4Windows Agent, Database scriptsThe Syslog Agent default regex does not match some log source types that explicitly differentiate the year. This mismatch causes inaccurate parsing for Normal Message Date and Host ID on some log sources, resulting in the date of collection being substituted instead. To date, we have seen this in the most recent Aruba Wireless Access Point and Palo Alto log source types.

Expected Results: The Agent should assign date and time based on date-time in the raw log for date formats that explicitly define the year. 

Workaround: While there is no workaround for this issue, we are actively investigating and will provide a fix in an upcoming release. If you experience this issue, contact your support team to assist in providing some regex that may help.

DE72417.2.5Windows AgentWhen collecting sFlow Expanded Flow Format logs, warnings are constantly written to the System Monitor log file.

Expected Results: The System Monitor Agent should collect this log format without producing warnings in the log file.

Workaround: The System Monitor Agent does not support sFlow Expanded Flow Format. You must convert these logs to NetFlow to collect the data. There is a Golden Nugget posted to LogRhythm Community that shows you how to convert from sFlow Expanded Flow to NetFlow. You can find it on the Community here: https://community.logrhythm.com/t5/Golden-nuggets/LogRhythm-Golden-Nugget-Use-Case-sFlow-Expanded-Flow-Format-No/m-p/109276

DE10288

7.2.7

7.4.7

Windows Agent

When setting up log collection on AWS CloudTrail S3 and trying to establish a trust relationship for the SSL/TLS secure channel, customers may receive the following error exception message:

**ERROR** Exception msg: A WebException with status TrustFailure was thrown.

Expected Results: Customers should be able to configure CloudTrail S3 log collection without errors.

Workaround: Use Open Collector to collect from CloudTrail S3 log sources or suppress the trust check.

DE125167.6.0*NIX AgentWhen using File Integrity Monitoring (FIM) or Realtime File Integrity Monitoring (RTFIM) in the 7.6.x System Monitor on RedHat Enterprise Linux (RHEL) 7, the agent may fail with a "segmentation fault" error message.

Expected Results: FIM and RTFIM should work without error in RHEL 7.

Workaround: Disable FIM or RTFIM in the System Monitor settings. 

DE125467.6.0AgentWhen the Mediator is restarted, the System Monitor Performance Monitor Count for Agent Handles does not reset when the Exchange Msg Tracking Log Source is in use, with the agent installed on the Exchange Server for local collection.

Expected Results: The agent handles count resets when the mediator restarts, and does not increase in size.

Workaround: Use a Windows task to restart the agent handles count on the server.

DE140047.8.0MimecastWhen enabling cleanup scripts for Mimecast collection, customers may receive tracking errors and collection may not be reliable.

Expected Results: Collection should be reliable during cleanup.

Workaround: There is no workaround for this issue.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.