Solved: log4j vulnerable files are getting recreated after...

imsidrai · ‎12-20-2021

we followed the steps provided on https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228... but it seems that files are being recreated , Can anyone please help on that ??,
Also i wanted to know if replacing just Apache version rather upgrading splunk could help to mitigate ?
and what should be the steps if i replace?

richgalloway · ‎12-20-2021

Which files are you talking about? Are they actually being recreated or is the deletion failing? Are the files showing up in the splunk_archiver app? If so, the blog says what to do about that.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

japonter · ‎12-29-2021

did you just delete the 4 paths the documents say. i have been looking for more clarification into this. as i read it just indicates to delete those 4 paths and that should be it. is this true?

richgalloway · ‎12-20-2021

Which files are you talking about? Are they actually being recreated or is the deletion failing? Are the files showing up in the splunk_archiver app? If so, the blog says what to do about that.

---
If this reply helps you, Karma would be appreciated.

log4j vulnerable files are getting recreated after removal(CVE-2021-44228. )

administration

configuration

using Splunk Enterprise

Index This | Divide 100 by half. What do you get?

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud