Skip to main content
Skip table of contents

7.23.0 System Monitor Release Notes - 6 January 2026

Release Details

Software Component

System Monitor (SysMon)

Version Number

7.23.0 (Windows)

7.23.0 (*NIX)

Compatibility

This System Monitor Agent release is compatible with LogRhythm SIEM core versions that have not reached their end of life date. For more information, see End of Life Policies for Software and Hardware.

Microsoft .NET Framework 4.7.2 or higher

LogRhythm System Monitor Agents for Windows require the Microsoft .NET Framework 4.7.2+ or .NET Core 8. 

  • Before upgrading your System Monitor Agent .NET Framework 4 agent (installed pre-7.21), confirm that .NET Framework 4.7.2 or higher is installed.

  • For information on determining which .NET version is installed, see Determine which .NET Framework versions are installed - .NET Framework.

  • If an older version of .NET Framework 4 is installed, install .NET Framework 4.7.2 or higher and reboot your system during a planned maintenance window. Upgrading a .NET Framework 4 agent when the version of .NET Framework is older than 4.7.2 will trigger a reboot.

  • Upgrading existing .NET Framework 4 System Monitor Agents to .NET Core 8 (7.21 or later) should not require a reboot, but should be done during a planned maintenance window.

New Features

.NET 8 System Monitor Agents for Linux

In LogRhythm SIEM version 7.21.0, System Monitor Agents started being released for Windows using .NET 8 Core. Now, with the release of SIEM version 7.23.0, you can install System Monitor Agents using .NET 8 Core on Linux operating systems as well.

The .NET 8 Linux agent is distributed as a .tar.gz package, supporting 64-bit x86-64 platforms for the following operating systems:

  • Red Hat

  • Debian

  • Amazon Linux

  • Ubuntu

  • Rocky

The .NET 8 Core build provides up to 20% improvement in agent data throughput, improved memory management and reduced CPU consumption making the service more efficient.

For more information on installing a .NET 8 System Monitor Agent for Linux, refer to Install a .NET 8 System Monitor on UNIX/Linux.

Make note of the following limitations regarding .NET 8 System Monitors for Linux:

  1. Realtime File Integrity Monitoring (FIM) is unavailable. Refer to the System Monitor Functionality by Operating System topic for more information.

  2. When upgrading a Linux System Monitor Agent from .NET 4 to .NET 8, the position file data of compressed flat file log sources will not be migrated. The new Agent will treat these as new log sources.

Salesforce Audit Beat

A new Salesforce Audit Beat has been added to the Open Collector, replacing the API collection previously done through the System Monitor Agent. This new beat will address some issues that were experienced when using API collection for the Salesforce Audit log source.

For more information, refer to Salesforce Audit Beat.

Improvements

JSON Processing Policy Improvements

LogRhythm SIEM version 7.23 contains various improvements to System Monitor processing policies that make it easier to integrate your System Monitors and Open Collectors through the use of JSON parsing and policy builder.

For a full rundown of these JSON processing policy improvements, please refer to the LogRhythm SIEM 7.23 Release Notes.

Resolved Issues & Enhancements

.NET Agent Upgrade Packages Issue

System Monitor Windows Agent versions 7.22.0 and later come with a new .NET 8 agent update package to address an issue with agent upgrades. This package includes all of the following necessary files for the update:

  • windowsdesktop-runtime-8.0.18-win-x64/86.exe

  • LRSystemMonitor_64_7.22.0.2033.exe

  • LRAgentUpdate.exe

  • Property.xml 

This fix simplifies upgrades for users on versions 7.22 or later moving to a newer/future version (like the eventual 7.24 .NET 8 agent). If you are on an older version of System Monitor Agent (7.21 or earlier), this fix is not available, and you will need to follow the special instructions below.

To update to the latest Windows System Monitor Agent version (7.23.0.2xxx .NET 8), follow these two steps:

  1. Run the upgrade packages for System Monitor Agent version 7.23.0.1xxx (.NET 4) from any previous versions.

  2. After that, run the upgrade package for System Monitor Agent version 7.23.0.2xxx (.NET 8).

Special Instructions for Customers on Windows System Monitor Agent Version 7.21 or Earlier

Customers on Windows System Monitor Agent version 7.21.0.2019 (.NET 8) cannot directly upgrade to agents 7.22.0.1xxx (.NET 4) or 7.22.0.xxx (.NET 8) or later using a manual or package upgrade. Follow these steps:

Manual upgrade steps:

  1. Uninstall the old System Monitor Agent version 7.21.0.2019 (.NET 8) completely.

  2. Install the new System Monitor Agent version 7.23.0.2xxx (.NET 8) or 7.23.0.1xxx (.NET 4).

Upgrade package steps:

  1. Run the upgrade package for the 7.21.0.1052 or older .NET 4 agent.

  2. Run the package for the 7.23.0.1xxx (.NET 4) agent.

  3. Run the package update for the 7.23.0.2xxx (.NET 8) agent.

Resolved Issues

The following issues have been resolved with this release:

Bug ID

Description

ENG-33323

An issue with the System Monitor making Salesforce API calls for logs that don’t exist has been resolved by migrating functionality to the new Salesforce Audit Beat. For more information, refer to the updated Salesforce Audit Beat documentation.

ENG-52916,
ENG-54157,
ENG-71905

An issue preventing Agents from successfully auto-updating through Package Manager on various operating systems has been resolved.

ENG-54500,
ENG-58146,
ENG-80149

The timestamp normalization process has been more thoroughly outlined on both the Syslog Collection and Modify System Monitor Basic Properties documentation topics.

ENG-61433,
ENG-61963,
ENG-63008

An issue with Agents not correctly installing on AIX 7.1 and AIX 7.2 in certain situations has been resolved.

ENG-62484,
ENG-63339

IPFix and Netflow v10 custom vendor definitions now collect correctly and support the full Netflow v10 field definitions.

ENG-77383

An issue causing the Tenable Scanner log source fields “HasBeenMitigated” and “EXPLOITAVAILABLE” to always return a “False” value has been resolved.

ENG-81064

An issue with the MS Windows Event log source in which a large amount of EVID 7004 “failed to parse log data” messages would appear in certain situations has been resolved.

ENG-83226

An issue in which JSONParser settings for .NET4 Agents were not visible within the System Monitor Advanced settings after upgrading the Agent to 7.22.0 has been resolved.

ENG-83443

An issue preventing lcrypt from functioning correctly in certain situations with 7.22.0 System Monitor Agents has been resolved.

Resolved Issues - Security

Resolved security-related defects can be viewed on the Community.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close