EventLog Analyzer - how to handle CVE-2021-44832 reported by a scan (already on the latest build 12214)?


First confirm that the product has already been upgraded to the latest Build 12214!

After upgrading the product to the latest build 12214, CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 are already fixed.

If a scan still reports CVE-2021-44832 after that, read the following:
Four high severity vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832) affecting the Log4j utility were disclosed recently. We have found no evidence of any successful exploitation in EventLog Analyzer so far. However, we strongly recommend that all customers follow the steps below to protect EventLog Analyzer from these vulnerabilities.

Follow the workaround steps below to protect your EventLog Analyzer from the Log4j vulnerability. The steps replace the vulnerable log4j jars with a newer version that does not contain the vulnerability.

Note: If you are using an EventLog Analyzer version below 12146, we strongly recommend that you upgrade to the latest build first and then follow the steps below to protect your installation from the Log4j vulnerabilities.

1. Download/unzip the jar files from the below link:

2. Stop the EventLog Analyzer service.

3. Stop the Log360 service (if it is running; skip if it is not installed).

4. Open a command prompt as administrator. Navigate to <Installation dir>/Eventlog Analyzer/ES/bin and run stopES.bat. Then navigate to <Installation dir>/elasticsearch/ES/bin and run stopES.bat there as well (skip if this location does not exist).

5. Move the downloaded jar files to the following folders:
<Installation dir>/Eventlog Analyzer/ES/lib
<Installation dir>/elasticsearch/ES/lib (skip if location does not exist)

6. Delete the following files from <Installation dir>/Eventlog Analyzer/ES/lib and <Installation dir>/elasticsearch/ES/lib (skip if this location does not exist):

log4j-1.2-api-2.9.1.jar (or) log4j-1.2-api-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar (or) log4j-1.2-api-2.17.0.jar
log4j-api-2.9.1.jar (or) log4j-api-2.15.0.jar (or) log4j-api-2.16.0.jar (or) log4j-api-2.17.0.jar
log4j-core-2.9.1.jar (or) log4j-core-2.15.0.jar (or) log4j-core-2.16.0.jar (or) log4j-core-2.17.0.jar

7. Start the Log360 service (skip if it is not installed).

8. Start the EventLog Analyzer service.
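As an added verification check (not part of this article or of the product), the script below audits the two lib folders from steps 5 and 6 and reports any log4j jar older than 2.17.1, the Log4j release that fixes CVE-2021-44832; a scanner will keep flagging the install while such a jar remains. The install tree it scans is constructed inside demo() and the artifact names follow the step 6 list.

```python
import re
import tempfile
from pathlib import Path

# Jar names as listed in step 6, e.g. log4j-core-2.17.0.jar -> ("core", (2, 17, 0)).
LOG4J_JAR_RE = re.compile(r"^log4j-(1\.2-api|api|core)-(\d+)\.(\d+)\.(\d+)\.jar$")
# CVE-2021-44832 is fixed in Log4j 2.17.1; any older 2.x jar is stale.
FIXED_VERSION = (2, 17, 1)
# The two lib folders from steps 5 and 6 (the second may be absent).
LIB_DIRS = ("Eventlog Analyzer/ES/lib", "elasticsearch/ES/lib")

def parse_log4j_jar(filename):
    """Return (artifact, (major, minor, patch)) for a log4j jar name, else None."""
    m = LOG4J_JAR_RE.match(filename)
    if not m:
        return None
    return m.group(1), tuple(int(x) for x in m.group(2, 3, 4))

def audit_install(install_dir):
    """Map each lib dir that exists to the stale and current log4j jars found in it."""
    report = {}
    for rel in LIB_DIRS:
        lib = Path(install_dir, rel)
        if not lib.is_dir():  # step 6: skip if this location does not exist
            continue
        stale, current = [], []
        for jar in sorted(lib.glob("log4j-*.jar")):
            parsed = parse_log4j_jar(jar.name)
            if parsed is None:  # not one of the three artifacts named in step 6
                continue
            (current if parsed[1] >= FIXED_VERSION else stale).append(jar.name)
        report[rel] = {"stale": stale, "current": current}
    return report

def workaround_complete(report):
    """True only if every scanned lib dir has no stale jar and at least one fixed jar."""
    return bool(report) and all(not r["stale"] and r["current"] for r in report.values())

def demo():
    """Constructed install tree: new jars copied in (step 5) but step 6 was skipped."""
    root = Path(tempfile.mkdtemp())
    lib = root / "Eventlog Analyzer" / "ES" / "lib"
    lib.mkdir(parents=True)
    for name in ("log4j-core-2.17.0.jar", "log4j-api-2.17.0.jar", "log4j-1.2-api-2.17.0.jar",
                 "log4j-core-2.17.1.jar", "log4j-api-2.17.1.jar", "log4j-1.2-api-2.17.1.jar"):
        (lib / name).write_bytes(b"")  # empty placeholder, not a real jar
    return audit_install(root)
```

Point audit_install() at the real <Installation dir> after step 8; the workaround is only complete when every scanned folder lists no stale jar.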