Solved: log4j vulnerable files are getting recreated after...

imsidrai · ‎12-20-2021

we followed the steps provided on https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228... but it seems that files are being recreated , Can anyone please help on that ??,
Also i wanted to know if replacing just Apache version rather upgrading splunk could help to mitigate ?
and what should be the steps if i replace?

richgalloway · ‎12-20-2021

Which files are you talking about? Are they actually being recreated or is the deletion failing? Are the files showing up in the splunk_archiver app? If so, the blog says what to do about that.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

japonter · ‎12-29-2021

did you just delete the 4 paths the documents say. i have been looking for more clarification into this. as i read it just indicates to delete those 4 paths and that should be it. is this true?

richgalloway · ‎12-20-2021

Which files are you talking about? Are they actually being recreated or is the deletion failing? Are the files showing up in the splunk_archiver app? If so, the blog says what to do about that.

---
If this reply helps you, Karma would be appreciated.

log4j vulnerable files are getting recreated after removal(CVE-2021-44228. )

administration

configuration

using Splunk Enterprise

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?