Log4j Vulnerability: Workaround steps to protect EventLog Analyzer (For Versions Below 12146)

This post was updated on 21/12/2021

 

Dear users,

 

Two high-severity vulnerabilities (CVE-2021-44228 and CVE-2021-45046) impacting the Log4j utility were disclosed recently. We have found no evidence of any successful exploitation in EventLog Analyzer as of now. However, we strongly recommend that all customers follow the steps below to protect EventLog Analyzer from these vulnerabilities.

 

Note: To protect your installation from the recent CVE-2021-45105 vulnerability, we strongly recommend that you upgrade to the latest build and follow the steps mentioned in this link.

 

For EventLog Analyzer versions below 12146, follow the workaround steps below.

 

This workaround replaces log4j-core-2.9.1.jar with an updated, patched version of the jar.

 

1. Download and unzip the jar files from the link below:

 

https://downloads.zohocorp.com/dnd/EventLog_Analyzer_Support/NNW0jaut3CZRuXz/log4j-patched.zip

 

2. Stop the EventLog Analyzer service.

 

3. Stop the Log360 service (skip this step if Log360 isn't installed).

 

4. Open a command prompt in admin mode and navigate to:

 

  • <Installation dir>/Eventlog Analyzer/ES/bin

    • run stopES.bat file

  • <Installation dir>/elasticsearch/ES/bin (skip if this location does not exist)

    • run stopES.bat file

 

5. Replace the jar from the patch in the following folders:

 

  • <Installation dir>/Eventlog Analyzer/ES/lib

  • <Installation dir>/elasticsearch/ES/lib (skip if this location does not exist).

 

7. Start the Log360 service (skip if it is not installed).

 

8. Start the EventLog Analyzer service.


Best,
EventLog Analyzer Team
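
An added example, not part of the vendor's post or tooling: a PowerShell check to run after step 5 and before restarting the services, comparing SHA-256 hashes of the jars from the unzipped patch against the files in each ES\lib folder. The function name, the `-InstallDir` and `-PatchDir` parameters and the sample paths are assumptions.

```powershell
# Added example: confirm that every jar from the unzipped patch is present, byte for byte,
# in each ES\lib folder named in step 5. Paths are assumptions; adjust to your install.
function Test-Log4jPatchApplied {
    param(
        [Parameter(Mandatory)] [string] $InstallDir,   # the <Installation dir> from the steps
        [Parameter(Mandatory)] [string] $PatchDir      # folder where log4j-patched.zip was unzipped (assumed)
    )

    $libDirs = @(
        (Join-Path $InstallDir 'Eventlog Analyzer\ES\lib'),
        (Join-Path $InstallDir 'elasticsearch\ES\lib')
    )
    $patchJars = @(Get-ChildItem -Path $PatchDir -Filter '*.jar' -File -Recurse)
    if ($patchJars.Count -eq 0) { throw "No jar files found under $PatchDir" }

    foreach ($lib in $libDirs) {
        if (-not (Test-Path -LiteralPath $lib -PathType Container)) {
            # The steps say to skip a location that does not exist.
            [pscustomobject]@{ Folder = $lib; Jar = ''; Status = 'FolderNotPresent' }
            continue
        }
        foreach ($jar in $patchJars) {
            $target = Join-Path $lib $jar.Name
            if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
                $status = 'Missing'
            } elseif ((Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash -eq
                      (Get-FileHash -LiteralPath $jar.FullName -Algorithm SHA256).Hash) {
                $status = 'MatchesPatch'
            } else {
                $status = 'DiffersFromPatch'
            }
            [pscustomobject]@{ Folder = $lib; Jar = $jar.Name; Status = $status }
        }
        # Any other log4j-core jar left in the folder did not come from the patch.
        Get-ChildItem -LiteralPath $lib -Filter 'log4j-core*.jar' -File |
            Where-Object { $patchJars.Name -notcontains $_.Name } |
            ForEach-Object { [pscustomobject]@{ Folder = $lib; Jar = $_.Name; Status = 'NotFromPatch' } }
    }
}

# Example call with placeholder paths:
# Test-Log4jPatchApplied -InstallDir 'C:\<Installation dir>' -PatchDir 'C:\Temp\log4j-patched' | Format-Table -AutoSize
```

Any row with a status of `Missing`, `DiffersFromPatch` or `NotFromPatch` means the replacement in that folder should be rechecked before the services are started again.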