Remote Syslog uses the Elasticsearch module to store its logging.
Affected products:
- RSv2
- RSE
- RSX
RSC is not affected.
Check the installed Elasticsearch version:
curl -XGET 'http://localhost:9200'
Output (the "number" field of the version block):
"number" : "7.16.2"
or
"number" : "6.8.22"
Official Elasticsearch document:
https://www.elastic.co/blog/new-elasticsearch-and-logstash-releases-upgrade-apache-log4j2
All versions below 7.16.2 (or below 6.8.22 on the 6.x line) are vulnerable. If the installed version is 7.16.2 / 6.8.22 or higher, you are good to go and no action is needed.
- In the case of a virtual machine, create a snapshot first
- Run the upgrade:
sudo apt update && sudo apt upgrade
!!Please check that the recommended version or higher is going to be installed before confirming the upgrade!!
Edit the JVM options file:
nano /etc/elasticsearch/jvm.options
Add the following line:
-Dlog4j2.formatMsgNoLookups=true
Restart the elasticsearch service:
service elasticsearch restart
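As an added example (not part of the Remote Syslog advisory above), the following POSIX shell script automates the two checks the procedure depends on: reading the version number out of the curl response and comparing it against the 7.16.2 / 6.8.22 thresholds, and confirming that jvm.options carries an uncommented -Dlog4j2.formatMsgNoLookups=true line. The JSON response and the temporary jvm.options file are constructed sample data, and the function names (version_ge, es_is_fixed, es_version_from_json, jvm_options_has_mitigation) are my own. The version upgrade is the actual fix; the script only reports whether a host still needs it and whether the JVM mitigation line is in place.

```shell
#!/bin/sh
# Added example for the Remote Syslog / Elasticsearch log4j advisory.
# Fixed releases named in the advisory (assumed to be the thresholds to check).
FIXED_7="7.16.2"
FIXED_6="6.8.22"

# version_ge A B: returns 0 when dotted version A is >= B, comparing the
# major, minor and patch fields numerically (missing fields count as 0).
version_ge() {
    IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
    for pair in "${a1:-0}:${b1:-0}" "${a2:-0}:${b2:-0}" "${a3:-0}:${b3:-0}"; do
        x=${pair%%:*}; y=${pair#*:}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# es_is_fixed VERSION: 0 when VERSION is at or above the fixed release for its
# line. 6.x is measured against 6.8.22; everything else against 7.16.2, so
# 5.x and older come out as vulnerable and 8.x as fixed.
es_is_fixed() {
    case "$1" in
        6.*) version_ge "$1" "$FIXED_6" ;;
        *)   version_ge "$1" "$FIXED_7" ;;
    esac
}

# es_version_from_json RESPONSE: pulls the "number" : "x.y.z" value out of the
# JSON that curl -XGET 'http://localhost:9200' returns (first match only).
es_version_from_json() {
    printf '%s\n' "$1" | sed -n 's/.*"number"[[:space:]]*:[[:space:]]*"\([0-9.]*\)".*/\1/p' | head -n 1
}

# jvm_options_has_mitigation FILE: 0 when FILE contains an uncommented
# -Dlog4j2.formatMsgNoLookups=true line (a "#"-prefixed copy does not count).
jvm_options_has_mitigation() {
    grep -q '^[[:space:]]*-Dlog4j2\.formatMsgNoLookups=true[[:space:]]*$' "$1"
}

# Constructed sample response, shaped like the curl output quoted in the advisory.
SAMPLE_RESPONSE='{
  "name" : "rsv2-node-1",
  "version" : {
    "number" : "7.16.1",
    "build_type" : "deb"
  },
  "tagline" : "You Know, for Search"
}'

# Demo on the constructed sample. On a live host replace SAMPLE_RESPONSE with
# "$(curl -s -XGET http://localhost:9200)" and the temp file with
# /etc/elasticsearch/jvm.options.
demo() {
    ver=$(es_version_from_json "$SAMPLE_RESPONSE")
    if es_is_fixed "$ver"; then
        echo "Elasticsearch $ver: fixed release, no action needed"
    else
        echo "Elasticsearch $ver: below $FIXED_7 / $FIXED_6, upgrade required"
    fi
    tmp=$(mktemp)
    printf '%s\n' '-Xms1g' '#-Dlog4j2.formatMsgNoLookups=true' '-Dlog4j2.formatMsgNoLookups=true' > "$tmp"
    if jvm_options_has_mitigation "$tmp"; then
        echo "jvm.options: mitigation line present"
    else
        echo "jvm.options: mitigation line missing"
    fi
    rm -f "$tmp"
}
demo
```

Run it with sh; the two echo lines give the same verdict the advisory's manual steps would. The version comparison is done field by field rather than as a string so that 7.16.10 is not mistaken for being older than 7.16.2.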