https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581057#M25187 <P>check this out&nbsp; it has all the details, i think there were some updated versions in that fixed the vulnerability.</P><P><A href="https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html" target="_blank">https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html</A></P> Fri, 14 Jan 2022 08:49:21 GMT SinghK 2022-01-14T08:49:21Z https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581055#M25186 <P>Hello,<BR />I would like to know if it is safe to delete below on all of our Splunk hosts: /opt/splunk/var/run/searchpeers/&lt;hostname&gt;-1633305600/apps/splunk_archiver/java-bin/jars/vendors/spark/3.0.1/lib/<BR /><BR />Similar files exist on a lot of our Splunk hosts and we get notifications daily about them because of log4j. So is it safe to delete the above path and similar? It is just replications right?<BR /><BR />Thanks in advance!</P> Tue, 12 Jul 2022 16:22:24 GMT https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581055#M25186 erw550 2022-07-12T16:22:24Z https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581057#M25187 <P>check this out&nbsp; it has all the details, i think there were some updated versions in that fixed the vulnerability.</P><P><A href="https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html" target="_blank">https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html</A></P> Fri, 14 Jan 2022 08:49:21 GMT https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581057#M25187 SinghK 2022-01-14T08:49:21Z https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581060#M25189 <P>Yes, we have followed the instructions from the link you provided. But it does not mention if it is ok to the splunk_archiver app in&nbsp;/opt/splunk/var/run/searchpeers/&lt;host&gt;-1633305600/*. Is it just replication under&nbsp;/opt/splunk/var/run/searchpeers/&lt;host&gt;-1633305600/* and is it safe to delete it?</P> Fri, 14 Jan 2022 08:53:56 GMT https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581060#M25189 erw550 2022-01-14T08:53:56Z https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581335#M25192 <P>Hi,</P><P>Our scan has too found log4j vulnerability under the path&nbsp;<SPAN>/opt/splunk/var/run/searchpeers/&lt;host&gt;...</SPAN></P><P><SPAN>Did you remove those files/folders from the location ?</SPAN></P><P>Thanks,</P> Mon, 17 Jan 2022 14:05:15 GMT https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581335#M25192 spodda01da 2022-01-17T14:05:15Z https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581596#M25197 <P>We have not removed them yet. Our Splunk environment is not effected since we do not have DFS enabled. But I am still trying to investigate whether we can delete those files so we don't get notified from the scan. Have you heard anything else?&nbsp;&nbsp;</P> Wed, 19 Jan 2022 08:04:39 GMT https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581596#M25197 erw550 2022-01-19T08:04:39Z https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581609#M25199 <P>I went ahead and removed log4j files from the specified locations. Although I get a Splunk alert which is expected (As per Splunk, it can be ignored), but the scan is clean.&nbsp;</P><P>I am planning to follow the same on other Splunk servers.</P><P>Here is the URL for reference:</P><P><A href="https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html" target="_blank">https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html</A></P><P>"<SPAN>Upon removal of these jar files, an administrator may see errors at Splunk startup pertaining to file integrity, specific to these jar files. These are expected as you are removing these unused jar files as a workaround. These errors may be ignored.&nbsp;</SPAN>"</P> Wed, 19 Jan 2022 11:49:25 GMT https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/581609#M25199 spodda01da 2022-01-19T11:49:25Z https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/605311#M25855 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/240997">@erw550</a>&nbsp; Where you able to succesfully remove /opt/splunk/var/run/searchpeers/&lt;hostname&gt;/apps/splunk_archiver/* without any issue?</P> Tue, 12 Jul 2022 16:14:36 GMT https://community.splunk.com/t5/Deployment-Architecture/Can-I-delete-opt-splunk-var-run-searchpeers-lt-hostname-gt/m-p/605311#M25855 bwoodward22 2022-07-12T16:14:36Z