Hi
I was checking on the impact of CVE-2021-44228 on the ELK stack and came across the link.
When I tried the solution mentioned for Logstash to remove the JNDI class:
zip -q -d <LOGSTASH_HOME>/logstash-core/lib/jars/log4j-core-2.13.3.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
I took a backup of the existing jar, copied log4j-core-2.13.3.jar to my home directory, ran the above command there, and copied the updated jar back to lib/jars/.
When I start Logstash now, I see the below error in the logs.
I reverted to the old existing jar and the error still continues.
Any inputs are appreciated.
021/12/14 06:28:27 - logstash started.
warning: --1.9 ignored
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
NameError: missing class name (`org.apache.logging.log4j.core.LoggerContext')
method_missing at org/jruby/javasupport/JavaPackage.java:252
<main> at /opt/app/logstash/logstash-core/lib/logstash/api/modules/logging.rb:18
require at org/jruby/RubyKernel.java:974
require at /opt/app/logstash/vendor/bundle/jruby/2.5.0/gems/polyglot-0.3.5/lib/polyglot.rb:65
<main> at /opt/app/logstash/logstash-core/lib/logstash/api/rack_app.rb:25
require at org/jruby/RubyKernel.java:974
require at /opt/app/logstash/vendor/bundle/jruby/2.5.0/gems/polyglot-0.3.5/lib/polyglot.rb:65
<main> at /opt/app/logstash/logstash-core/lib/logstash/webserver.rb:18
require at org/jruby/RubyKernel.java:974
require at /opt/app/logstash/vendor/bundle/jruby/2.5.0/gems/polyglot-0.3.5/lib/polyglot.rb:65
<main> at /opt/app/logstash/logstash-core/lib/logstash/agent.rb:23
require at org/jruby/RubyKernel.java:974
<main> at /opt/app/logstash/logstash-core/lib/logstash/runner.rb:44
require at org/jruby/RubyKernel.java:974
<main> at /opt/app/logstash/lib/bootstrap/environment.rb:87
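
A check that can be run against the jar in lib/jars/ after the `zip -d` step, added here as an example and not part of the original post: it confirms the file is present, readable and an intact archive, that `JndiLookup.class` is gone, and that the `LoggerContext` class named in the error is still inside. The function names are hypothetical and the sample jars are constructed stand-ins with dummy contents.

```python
import os
import tempfile
import zipfile

JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CONTEXT = "org/apache/logging/log4j/core/LoggerContext.class"  # class named in the NameError


def check_log4j_core(jar_path):
    """Return a list of problems found with a patched log4j-core jar (empty list = OK)."""
    if not os.path.isfile(jar_path):
        return ["jar is missing: " + jar_path]
    if not os.access(jar_path, os.R_OK):
        return ["jar is not readable by the current user"]
    if not zipfile.is_zipfile(jar_path):
        return ["file is not a valid zip/jar archive"]
    problems = []
    with zipfile.ZipFile(jar_path) as jar:
        bad = jar.testzip()  # first member failing its CRC check, or None
        if bad is not None:
            problems.append("corrupt member: " + bad)
        names = set(jar.namelist())
    if JNDI in names:
        problems.append("JndiLookup.class is still present (mitigation not applied)")
    if CONTEXT not in names:
        problems.append("LoggerContext.class is absent (not a usable log4j-core jar)")
    return problems


def build_sample_jar(path, members):
    """Constructed stand-in for log4j-core-2.13.3.jar; contents are dummy bytes."""
    with zipfile.ZipFile(path, "w") as jar:
        for name in members:
            jar.writestr(name, b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        unpatched = os.path.join(tmp, "unpatched.jar")
        patched = os.path.join(tmp, "patched.jar")
        build_sample_jar(unpatched, [CONTEXT, JNDI])
        build_sample_jar(patched, [CONTEXT])
        for jar in (unpatched, patched, os.path.join(tmp, "absent.jar")):
            print(os.path.basename(jar), check_log4j_core(jar) or "OK")
```

The readability test reflects the user running the script, so run it as the account the Logstash service uses and point it at the jar's real location under lib/jars/.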