How is the log4j-1.2.17 jar being installed on my system?

I am not very familiar with logstash but I am trying to determine why the file /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-log4j-3.1.3-java/vendor/jar-dependencies/runtime-jars/log4j-1.2.17.jar exists on my system.

I have the logstash 7.17.6 RPM installed from elastic.co yum repos. The jar file is not included in the RPM and says the jar does not belong to any package on the system. logstash-plugin list logstash-input-log4j says the plugin is not installed. Tenable scans are showing this log4j-1.2.17.jar as a critical vulnerability and I need to know the proper way to determine if I can remove it without affecting application logging. Thank you for any clues.

sudo ./logstash-plugin install logstash-input-log4j
sudo ./logstash-plugin uninstall logstash-input-log4j

"removes" the input, but leaves all the files for it on the filesystem.

Personally I just fixed this using

sudo rm -rf /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-log4j-3.1.3-java/
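
To check for leftovers like the one described in this thread before deleting anything, the following read-only script (an added example, not part of the original posts) reports gem directories that still hold a log4j 1.x jar although their plugin is not in the installed-plugin list. The function name `find_orphaned_log4j1` is hypothetical, and the list file is assumed to be saved `logstash-plugin list` output with one plugin name per line.

```shell
#!/bin/sh
# Added example, not from the original thread; find_orphaned_log4j1 is a hypothetical name.
# Usage: find_orphaned_log4j1 GEMS_DIR INSTALLED_LIST
#   GEMS_DIR        e.g. /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems
#   INSTALLED_LIST  assumed: saved `logstash-plugin list` output, one name per line
# Prints each gem directory that contains a log4j-1.x jar while its plugin
# name is absent from INSTALLED_LIST. Nothing is modified or deleted.
find_orphaned_log4j1() {
    gems_dir=${1%/}          # tolerate a trailing slash
    installed=$2
    find "$gems_dir" -type f -name 'log4j-1.*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        # The first path component below GEMS_DIR is the gem directory.
        rel=${jar#"$gems_dir"/}
        gem=${rel%%/*}
        # Strip the trailing "-<version>" and the optional "-java" platform suffix.
        plugin=$(printf '%s\n' "$gem" | sed -E 's/-[0-9]+(\.[0-9]+)*(-java)?$//')
        # Exact, whole-line match against the installed-plugin list.
        if ! grep -qxF -- "$plugin" "$installed"; then
            printf '%s\n' "$gems_dir/$gem"
        fi
    done | sort -u
}

# Constructed demo tree: one leftover gem (not listed) and one listed plugin,
# both bundling a log4j 1.x jar. Only the leftover should be reported.
demo() {
    tmp=$(mktemp -d) || return 1
    jars=vendor/jar-dependencies/runtime-jars
    mkdir -p "$tmp/gems/logstash-input-log4j-3.1.3-java/$jars" \
             "$tmp/gems/logstash-input-example-1.0.0/$jars"
    : > "$tmp/gems/logstash-input-log4j-3.1.3-java/$jars/log4j-1.2.17.jar"
    : > "$tmp/gems/logstash-input-example-1.0.0/$jars/log4j-1.2.17.jar"
    printf '%s\n' logstash-input-example logstash-input-beats > "$tmp/installed.txt"
    find_orphaned_log4j1 "$tmp/gems" "$tmp/installed.txt" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}
```

A directory reported here that `rpm -qf` also attributes to no package is a candidate for the manual cleanup described above.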
