System Monitor Installation Guide

If you have DP or XM appliances that shipped with agent software components pre-installed, you can upgrade those agents to this release using the instructions in the System Monitor Upgrade Guide.

System Requirements for System Monitors

LogRhythm System Monitor Agents for Windows require the Microsoft .NET Framework 4.7.2 (or above). All references to Microsoft .NET Framework 4.7.2 also include newer versions. 

• Before upgrading your System Monitor Agent, confirm that .NET Framework 4.7.2 is installed.

• For information on determining which .NET version is installed, see https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed.

• If necessary, install .NET Framework 4.7.2 and reboot your system. Because of the required reboot, we recommend that you perform this installation during off-peak hours.

Windows hosts running System Monitors prior to version 7.2.x may not have .NET Framework 4.7.2 installed. If your Windows host does not have .NET Framework 4.7.2 installed, we do not recommend using the System Monitor Package Manager automatic update option. Since installing .NET Framework 4.7.2 requires a system reboot, the automatic update process will be disrupted and the Package Manager will not complete the installation process.

Performance requirements may vary depending on log sources and features used.

Processor

• Minimum - 4 vCPU

• Recommended - 8 vCPU+

RAM

• Minimum - 8GB

• Recommended - 16GB+

Disk Space

• 5GB for System Monitor installation and prerequisites to local installation path

• Recommended: at least 50 GB for log data storage

• Linux Agents should have the larger of 2GB or 10% available space in /var for upgrade activities

Log data is stored on the System Monitor host only if the connection to the Data Processor is lost. In this case, log data must be stored locally until a connection is reestablished. The amount of disk space required for log data will vary according to collected log volume and the frequency and duration of a lost connection. Dedicated or high-volume deployments will require additional storage.

Microsoft .NET Framework

LogRhythm System Monitor Agents for Windows require the Microsoft .NET Framework 4.7.2.

Licenses

The LogRhythm SIEM provides three types of System Monitor Agent licenses: System Monitor Lite, System Monitor Pro, and System Monitor Collector. For more information, see System Monitor Functionality by License.

Operating Systems, System Monitor Lite and Pro Features, and Agent Compatibility and Functionality Matrix

For more information about supported operating systems, System Monitor compatibility, and different System Monitor features, see the System Monitor Compatibility and Functionality Guide.

Troubleshooting

If you experience trouble with your Agents communicating with your deployment, check the Networking and Communication and Realtime Antivirus Exclusions pages of this guide to ensure your deployment is configured correctly.