Security

What are the steps for Log4j update?

VijayA
Explorer

Hi All,

I request your help with the steps to upgrade log4j to the latest version in a Splunk On-Prem distributed environment.

 

0 Karma

isoutamo
SplunkTrust

Hi

You shouldn't update just the log4j package under Splunk. The correct way is to update the whole of Splunk to the latest version (or at least a version which has the correct log4j version). Currently the only supported Splunk version is 9.x, so you should just update to 9.0.4.1 if possible, and this also updates your log4j package in Splunk to a new enough version.

r. Ismo

0 Karma

VijayA
Explorer

Hi,

Thanks for your reply!

I'm new to Splunk and I haven't done installation and configuration. I tried to get a Splunk support account from the client but had no luck.

I need help on upgrade from Splunk.

Who can help? What is the process to get help from Splunk?

Please advise, it is a bit urgent.

Appreciate your help and support!

 

0 Karma

isoutamo
SplunkTrust

There are many answers in the community where this process has been described. You should also look at https://lantern.splunk.com/Splunk_Platform/Product_Tips/Upgrades_and_Migration/Upgrading_the_Splunk_...

Those should help you to do it. If needed, you could ask for help from a local Splunk Partner or Splunk Professional Services.

0 Karma

VijayA
Explorer

Hi, I'm trying to understand: is it not possible to update only "log4j" in Splunk?

Is it mandatory to upgrade Splunk from old to new?

My current Splunk version is 8.4.1

To upgrade we need to plan; the log4j vuln. deadline is the 31st. Please advise.

Thank you for your help and support.

 

0 Karma

isoutamo
SplunkTrust

Hi

It's not possible (at least it's out of support after that). Can you check your version number, as there is no version 8.4.1?

Here is a list of log4j-vulnerable Splunk versions and packages and the versions in which those are fixed: https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228...

r. Ismo 

0 Karma