How is log4j-1.2.17 jar being installed on my system

brilong · August 25, 2022, 11:16pm

I am not very familiar with logstash but I am trying to determine why the file /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-log4j-3.1.3-java/vendor/jar-dependencies/runtime-jars/log4j-1.2.17.jar exists on my system.

I have the logstash 7.17.6 RPM installed from elastic.co yum repos. The jar file is not included in the RPM and says the jar does not belong to any package on the system. logstash-plugin list logstash-input-log4j says the plugin is not installed. Tenable scans are showing this log4j-1.2.17.jar as a critical vulnerability and I need to know the proper way to determine if I can remove it without affecting application logging. Thank you for any clues.

Badger · August 26, 2022, 1:10am

sudo ./logstash-plugin install logstash-input-log4j
sudo ./logstash-plugin uninstall logstash-input-log4j

"removes" the input, but leaves all the files for it on the filesystem.

Personally I just fixed this using

sudo rm -rf /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-log4j-3.1.3-java/

system · September 23, 2022, 1:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to disable or remove log4j-core-2.17.1.jar from Logstash? Logstash	2	416	September 18, 2023
Logstash newb, a bit baffled. Connecting a log4j2 application to logstash Logstash	2	689	April 18, 2017
Log4j security vulnerability and plugins which bundle / vendor dependencies Logstash elastic-stack-security	5	6048	January 13, 2022
Elasticsearch 7.16.3 Log4j Vulnerability log4j-core-2.11.1.jar still persists Elasticsearch	2	2805	March 1, 2022
Problem installing plugin Logstash	3	2573	April 10, 2017

How is log4j-1.2.17 jar being installed on my system

Related topics