7.16.0 System Monitor Release Notes
Release Details
Software Component | System Monitor (SysMon) |
---|---|
Version Number | 7.16.0 (Windows), 7.16.0 (*NIX) |
Compatibility | This System Monitor Agent release is compatible with LogRhythm SIEM core versions that have not reached their end of life date. For more information, see End of Life Policies for Software and Hardware. |
Microsoft .NET Framework 4.7.2 or higher
LogRhythm System Monitor Agents for Windows require the Microsoft .NET Framework 4.7.2 or higher.
Before upgrading your System Monitor Agent, confirm that .NET Framework 4.7.2 or higher is installed.
For information on determining which .NET version is installed, see https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed .
If necessary, install .NET Framework 4.7.2 or higher and reboot your system. Because of the required reboot, we recommend that you perform this installation during off-peak hours.
New Features
Every Beat configuration now includes the option to send JSON parsing directly to a System Monitor Agent. For more details, see https://docs.logrhythm.com/OCbeats/docs/configure-beats-for-json-parsing.
Open Collector and Beat management is now available in the Web Console. For more details, see https://docs.logrhythm.com/lrsiem/7.15.0/log-collection-in-web-console.
Improvements
Microsoft Visual C++ upgraded to version 2022.
Deprecated Features
LogRhythm has deprecated Check Point collection via OPSEC LEA in favor of the newer Check Point Log Exporter. Support for OPSEC LEA was removed starting with LogRhythm System Monitor Collector version 7.7.0.8004, and using this collection method results in an error in the scsm.log file. Customers who need to use OPSEC LEA for collection should not upgrade agents past the System Monitor 7.7.0.8002 release. For information on how to configure Check Point Log Exporter, see the Syslog - Check Point Log Exporter device configuration guide.
Resolved Issues
Bug ID | Salesforce Case ID | Release Notes |
---|---|---|
ENG-32128 | 00464806 | Parsing support has been added for source IP, destination IP message, and Action on Azure Eventhubbeat logs. |
ENG-33123 | 00465259 | Additional parsing rules have been added for AWS GuardDuty logs in the Open Collector JSON parsing engine for System Monitor. |
ENG-32134 | 00462761 | Custom parsing is now enabled for Azure Eventhub Defender logs. |
ENG-54002 | 00481628 | Log collection works as expected without establishing multiple connections to each beat. |
ENG-35329 | 00461843 | Token corruption in Eventhubbeat is now rectified by mapping SIPs correctly. |
ENG-33633 | 00465103 | All corresponding QIDs are now collected with the respective logs. |
ENG-49584 | 00476211 | SMA now parses only one metadata field at a time instead of duplicates. |
ENG-52387 | 00479813 | Package format changes have been made to upload Linux 7.13 and 7.14 openSUSE to the package manager. |
ENG-53724 | 00480773 | Open Collector GCP audit logs no longer cause errors in the SCSM.log file when using the JSON SMA parser. |
ENG-49073 | 00475957 | The System Monitor JSON parser now accurately parses dates as the logs received by the indexer are timestamped at the event. |
Resolved Issues - Security
Resolved security-related defects can be viewed on the Community.