Realtime File Integrity Monitor (FIM) Support by Operating System
Realtime FIM is included with the System Monitor Lite License for desktop operating systems only. Standard or Realtime FIM on a server operating system requires a System Monitor Pro Agent.
| LogRhythm System Monitor Agents Realtime FIM Support Levels | ||
|---|---|---|
| Operating System | 32-bit/64-bit/.NET | Realtime FIM |
| Windows | ||
| Windows 7 | 32-bit |
LS
|
| Windows 7 | 64-bit |
CS
|
| Windows 8 | 32-bit, 64-bit |
US
|
| Windows 8.1 | 32-bit, 64-bit |
CS
|
| Windows 10 | 32-bit, 64-bit |
CS
|
| Windows Server 2008 | 32-bit, 64-bit |
US
|
| Windows Server 2008, 2008 R2 (Server Core or Desktop Experience) | 64-bit |
US
|
| Windows Server 2012, 2016 (Server Core or Desktop Experience) | 64-bit |
CS
|
| Windows Server 2019 (Server Core or Desktop Experience) | 64-bit |
CS
|
| Windows Server 2022 (Server Core or Desktop Experience) | 64-bit |
CS
|
| Windows Server 2025 (Server Core or Desktop Experience) | 64-bit |
CS
|
| AIX | ||
| AIX 7.1 | 64-bit |
CS
|
| AIX 7.2 | 64-bit |
CS
|
| Debian | ||
| Debian 10 (kernel version 4.19.0)1 (audit version 2.8.4)2 | 64-bit |
CS
|
| Debian 12 | .NET 8 |
CS
|
| Debian 13 | .NET 8 |
CS
|
| Ubuntu | ||
| Ubuntu 18.04 (kernel version 4.15.0-91-generic)1 (audit version 2.8.2)2 | 64-bit |
CS
|
| Ubuntu 20 | 64-bit |
CS
|
| Ubuntu 22 | 64-bit |
CS
|
| Ubuntu 24 | .NET 8 |
CS
|
| SUSE | ||
| openSUSE 12.1 - 12.3 (≥ kernel version 2.6.37)1 (≥ audit version 2.1.1)2 | 64-bit |
CS
|
openSUSE 13.1 and 13.2 (kernel version 3.11.6 and 3.16.6)1 (audit version 2.2.3 and 2.4)2 | 64-bit |
CS
|
| Oracle Hardened Linux | ||
Oracle Hardened Linux 7.0 - 7.4 (≥ kernel-uek-3.8.13-35.3.1.el7uek)1 (≥audit version 2.3.3)2 | 64-bit |
CS
|
| Oracle Hardened Linux 8 | 64-bit |
CS
|
| Red Hat Enterprise Linux/CentOS | ||
Red Hat Enterprise Linux/CentOS 7.0 - 7.4 (≥ audit version 2.3.3)2 | 32-bit |
CS
|
| Red Hat Enterprise Linux/CentOS 7.5 - 7.8 (audit version 2.8.5)2 | x86_64-bit |
CS
|
Red Hat Enterprise Linux/CentOS 8.1 - 8.2 (≥ kernel version 4.18.0-348.7.1.el8)1 (≥ audit version 3.0-0.17)2 | 64-bit |
CS
|
| Red Hat Enterprise Linux 9/CentOS 9 (≥ kernel version 5.14.0-70.13.1.el9)1 (≥ audit version 3.0.7)2 | 64-bit |
CS
|
1 When kernel versions are noted, indicates that Realtime FIM is only supported on the specified kernel versions. To check the kernel version, run the 'uname -r' command.
2 When audit versions are noted, indicates that Realtime FIM is only supported on the specified audit versions. To check the audit version, run the ‘auditctl -v' command.
3 At the time of release, Debian had a bug causing support to be limited. Support will begin as soon as the bug is addressed.