This post has been updated on 21/12/2021.

Dear users,

Three high severity vulnerabilities, (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105), impacting multiple versions of Apache Log4j utility, were disclosed recently. We have found no evidence of any successful exploitation in Log360 as of now. However, the affected Log4j version is used in Log360 in the bundled dependency, so we strongly recommend all our customers to follow the below steps to protect Log360 from the vulnerabilities.

1. Download/unzip the jar files from the link below:

https://downloads.zohocorp.com/dnd/EventLog_Analyzer_Support/msCzUJGksaD1m3P/log4j-2.17.0.zip

2. Stop the Log360 service (if it is running).

3. Open command prompt in admin mode. Navigate to <Installation dir>/elasticsearch/ES/bin and run stopES.bat file.

4. Move the downloaded jar files to <Installation dir>/elasticsearch/ES/lib.

5. Delete the following files from ES/lib

• log4j-1.2-api-2.9.1.jar (or) log4j-1.2-api-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar

• log4j-api-2.9.1.jar (or) log4j-api-2.15.0.jar (or) log4j-api-2.16.0.jar
  

• log4j-core-2.9.1.jar (or) log4j-core-2.15.0.jar (or) log4j-core-2.16.0.jar
  

6. Start the Log360 service.

3. Open the installation directory of ES node in the added SEM node and navigate to the following location.

• <Installation folder>/ES/

4. Paste the above-copied jars in <Installation folder>/ES/lib location.

5. Backup and delete the following jars from the <Installation dir>/ES/lib

• log4j-1.2-api-2.9.1.jar (or) log4j-1.2-api-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar
  
• log4j-api-2.9.1.jar (or) log4j-api-2.15.0.jar (or) log4j-api-2.16.0.jar
  
• log4j-core-2.9.1.jar (or) log4j-core-2.15.0.jar (or) log4j-core-2.16.0.jar 

6. Start the elasticsearch service(elasticsearch-service-x64 or elasticsearch-service-x86) from the services.msc 

Log360 Team