7.20.0 System Monitor Release Notes - 1 April 2025
Release Details
Software Component | System Monitor (SysMon) |
---|---|
Version Number | 7.20.0 (Windows), 7.20.0 (*NIX) |
Compatibility | This System Monitor Agent release is compatible with LogRhythm SIEM core versions that have not reached their end-of-life date. For more information, see End of Life Policies for Software and Hardware. Requirement: Microsoft .NET Framework 4.7.2 or higher. |
LogRhythm System Monitor Agents for Windows require the Microsoft .NET Framework 4.7.2 or higher.
Before upgrading your System Monitor Agent, confirm that .NET Framework 4.7.2 or higher is installed.
For information on determining which .NET version is installed, see Determine which .NET Framework versions are installed - .NET Framework.
If necessary, install .NET Framework 4.7.2 or higher and reboot your system. Because of the required reboot, we recommend that you perform this installation during off-peak hours.
New Features
Generic JSON TCP Connection to System Monitor Agents
Your security stack is ever-changing, and it’s critical to have all the components feeding into the SIEM. With more vendors adopting a JSON approach to logging, you need an easy way to collect JSON logs. That’s why we’ve expanded the System Monitor Agent’s JSON listener to support standard TCP. By leveraging the JSON listener and the JSON Policy Builder, you can ingest critical sources from anywhere! Refer to the Generic JSON Collector documentation for more information.
Improvements
Parsing Improvements
LogRhythm SIEM version 7.20 contains various improvements to System Monitor parsing policies that make it easier to integrate your System Monitors and Open Collectors through the use of JSON parsing and policy builder.
For a full rundown of these Log Parsing improvements, please refer to the LogRhythm SIEM 7.20 Release Notes.
Resolved Issues
The following issues have been resolved with this release:
Bug ID | Description |
---|---|
ENG-57132 | An issue with the JSON parser throwing an error message in certain situations after upgrading to System Monitor versions 7.16 or later has been resolved. |
ENG-62626 | When a Windows Agent loses connection with the Data Processor, UDP Syslogs now correctly spool into “syslogsuspense” to prevent potential data loss. |
ENG-62975 | An issue with System Monitor Agents not starting on Oracle Linux 7 has been resolved. |
ENG-63049 | An issue with Agents collecting from the O365 Management Activity log source stopping after a single cycle in certain situations has been resolved. |
ENG-63601 | An issue with URL path encoding when collecting from the O365 Management Activity log source that could cause logs to fail to collect has been resolved. |
ENG-63643 | An issue with an Agent failing to stop reporting memory usage after disconnecting from the Data Processor has been resolved. |
Resolved Issues - Security
Resolved security-related defects can be viewed on the Community.