Andrew Fletcher published: 13 December 2021 1 minute read
Like many devs at the moment, looking for log4j2 on your server... how to do?
First I used the command
find / -name log4j2.xml -type f
Which in turn produced the following results
/opt/solr-8.5.2/server/resources/log4j2.xml /var/solr/log4j2.xml
Version
Ok, so log4j2 exists on the server the client is using... in Solr. How about determining the version number?
The version here matters as 2.15.0 is good to go. To find the version use
sudo find / -name 'log4j*'
The output of this command returns
/opt/solr-8.5.2/licenses/log4j-api-2.11.2.jar.sha1 /opt/solr-8.5.2/licenses/log4j-core-2.11.2.jar.sha1 /opt/solr-8.5.2/licenses/log4j-api-NOTICE.txt /opt/solr-8.5.2/licenses/log4j-web-LICENSE-ASL.txt /opt/solr-8.5.2/licenses/log4j-slf4j-impl-2.11.2.jar.sha1 /opt/solr-8.5.2/licenses/log4j-1.2-api-2.11.2.jar.sha1 /opt/solr-8.5.2/licenses/log4j-web-NOTICE.txt /opt/solr-8.5.2/licenses/log4j-NOTICE.txt /opt/solr-8.5.2/licenses/log4j-core-LICENSE-ASL.txt /opt/solr-8.5.2/licenses/log4j-LICENSE-ASL.txt /opt/solr-8.5.2/licenses/log4j-slf4j-LICENSE-ASL.txt /opt/solr-8.5.2/licenses/log4j-api-LICENSE-ASL.txt /opt/solr-8.5.2/licenses/log4j-core-NOTICE.txt /opt/solr-8.5.2/licenses/log4j-slf4j-NOTICE.txt /opt/solr-8.5.2/licenses/log4j-web-2.11.2.jar.sha1 /opt/solr-8.5.2/server/resources/log4j2-console.xml /opt/solr-8.5.2/server/resources/log4j2.xml /opt/solr-8.5.2/server/lib/ext/log4j-1.2-api-2.11.2.jar /opt/solr-8.5.2/server/lib/ext/log4j-web-2.11.2.jar /opt/solr-8.5.2/server/lib/ext/log4j-api-2.11.2.jar /opt/solr-8.5.2/server/lib/ext/log4j-core-2.11.2.jar /opt/solr-8.5.2/server/lib/ext/log4j-slf4j-impl-2.11.2.jar /opt/solr-8.5.2/contrib/prometheus-exporter/lib/log4j-api-2.11.2.jar /opt/solr-8.5.2/contrib/prometheus-exporter/lib/log4j-core-2.11.2.jar /opt/solr-8.5.2/contrib/prometheus-exporter/lib/log4j-slf4j-impl-2.11.2.jar /var/solr/log4j2.xml
The version being used is 2.11.2. Now knowing the version is below 2.15.0, time to update.