Realtime FIM is included with the System Monitor Lite License for desktop operating systems only. Standard or Realtime FIM on a server operating system requires a System Monitor Pro Agent.

LogRhythm System Monitor Agents Realtime FIM Support Levels

| Operating System | 32-bit/64-bit/.NET | Realtime FIM |
|---|---|---|
| Windows | | |
| Windows 7 | 32-bit | LS |
| Windows 7 | 64-bit | CS |
| Windows 8 | 32-bit, 64-bit | US |
| Windows 8.1 | 32-bit, 64-bit | CS |
| Windows 10 | 32-bit, 64-bit | CS |
| Windows Server 2008 | 32-bit, 64-bit | US |
| Windows Server 2008, 2008 R2 (Server Core or Desktop Experience) | 64-bit | US |
| Windows Server 2012, 2016 (Server Core or Desktop Experience) | 64-bit | CS |
| Windows Server 2019 (Server Core or Desktop Experience) | 64-bit | CS |
| Windows Server 2022 (Server Core or Desktop Experience) | 64-bit | CS |
| Windows Server 2025 (Server Core or Desktop Experience) | 64-bit | CS |
| AIX | | |
| AIX 7.1 | 64-bit | CS |
| AIX 7.2 | 64-bit | CS |
| Debian | | |
| Debian 10 (kernel version 4.19.0)¹ (audit version 2.8.4)² | 64-bit | CS |
| Debian 12 | .NET 8 | CS |
| Debian 13 | .NET 8 | CS |
| Ubuntu | | |
| Ubuntu 18.04 (kernel version 4.15.0-91-generic)¹ (audit version 2.8.2)² | 64-bit | CS |
| Ubuntu 20 | 64-bit | CS |
| Ubuntu 22 | 64-bit | CS |
| Ubuntu 24 | .NET 8 | CS |
| SUSE | | |
| openSUSE 12.1 - 12.3 (≥ kernel version 2.6.37)¹ (≥ audit version 2.1.1)² | 64-bit | CS |
| openSUSE 13.1 and 13.2 (kernel version 3.11.6 and 3.16.6)¹ (audit version 2.2.3 and 2.4)² | 64-bit | CS |
| Oracle Hardened Linux | | |
| Oracle Hardened Linux 7.0 - 7.4 (≥ kernel-uek-3.8.13-35.3.1.el7uek)¹ (≥ audit version 2.3.3)² | 64-bit | CS |
| Oracle Hardened Linux 8 | 64-bit | CS |
| Red Hat Enterprise Linux/CentOS | | |
| Red Hat Enterprise Linux/CentOS 7.0 - 7.4 (≥ audit version 2.3.3)² | 32-bit | CS |
| Red Hat Enterprise Linux/CentOS 7.5 - 7.8 (audit version 2.8.5)² | x86_64-bit | CS |
| Red Hat Enterprise Linux/CentOS 8.1 - 8.2 (≥ kernel version 4.18.0-348.7.1.el8)¹ (≥ audit version 3.0-0.17)² | 64-bit | CS |
| Red Hat Enterprise Linux 9/CentOS 9 (≥ kernel version 5.14.0-70.13.1.el9)¹ (≥ audit version 3.0.7)² | 64-bit | CS |

¹ When kernel versions are noted, Realtime FIM is supported only on the specified kernel versions. To check the kernel version, run the 'uname -r' command.
² When audit versions are noted, Realtime FIM is supported only on the specified audit versions. To check the audit version, run the 'auditctl -v' command.
3 At the time of release, Debian had a bug causing support to be limited. Support will begin as soon as the bug is addressed.