Can I uninstall Log4j from my cluster

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
sbsbstout
Posts: 9
Joined: Thu Aug 05, 2021 9:45 am

Re: Can I uninstall Log4j from my cluster

Post by sbsbstout »

Hi Lee,

Thanks for sharing your experience. with the new release. It is good to see I am not the only one. I also see multiple files with "log4j" in the name, so cleanup didn't happen either.

I'll give support some time to respond before I consider next steps.

Regards,
Brandon
lee.bennett wrote:
sbsbstout wrote:Hello,

After upgrade, the web UI still shows version 2.1.10 and update check alerts there is an update.

The upgrade.log file shows new version installed. I ran the upgrade a second time and upgrade.log shows new version is installed. I rebooted the server after each upgrade.

upgrade.log - after first run

Old Version: 2110
New Version: 2111


upgrade.log - after second run

Old Version: 2111
New Version: 2111

No errors and both times, "Nagios Log Server Upgrade Complete!"

Brandon

Hi Brandon,

We had also tried to updated to 2.1.11 a couple of hours ago and experienced the same as you. We had taken a VM snapshot and have for now rolled back. We also tried an upgrade attempt straight after a reboot. Both using the Quick and manual process, including 'Disabling Shard Allocation'.

Additionally, we also noted that if we run find / -name "*log4j*" we still see just as many Log4j files! Confirming that the changes in the upgrade did not take place...

Thanks

Lee
sbsbstout
Posts: 9
Joined: Thu Aug 05, 2021 9:45 am

Re: Can I uninstall Log4j from my cluster

Post by sbsbstout »

Hi ssax,

In the Admin overview and in the bottom header it still shows version 2.1.10. In the past, these locations showed the correct version after an upgrade and the check for update also represented the updated situation.

Brandon
ssax wrote:Based on the hover tooltip on Disable Update Check in Admin > Global Settings it says that it only checks for updates every 24 hours so it likely won't show as updated until then.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Can I uninstall Log4j from my cluster

Post by ssax »

I have reported this to QA/development, it looks like the version wasn't updated, I will let you know what they say.
rasaraiva
Posts: 2
Joined: Wed Jan 19, 2022 12:29 pm

Re: Can I uninstall Log4j from my cluster

Post by rasaraiva »

I would like to confirm that
a) The logserver version did NOT increase on the web interface
b) there is still *1* log4j JAR file, is it safe to remove? won't it affect logstash? (probably the kafka component?)

The remaining file is:

Code: Select all

/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/jruby-kafka-1.5.0-java/lib/log4j/log4j/1.2.17/log4j-1.2.17.jar
and it seems to be "required":

Code: Select all

[lib]# cat /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/jruby-kafka-1.5.0-java/lib/jruby-kafka.rb
require 'jruby-kafka_jars.rb'
require 'jruby-kafka/consumer'
require 'jruby-kafka/group'
require 'jruby-kafka/producer'
require 'jruby-kafka/kafka-producer'

module Kafka
end

Code: Select all

[lib]# cat /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/jruby-kafka-1.5.0-java/lib/jruby-kafka_jars.rb
# this is a generated file, to avoid over-writing it just delete this comment
require 'jar_dependencies'
(...)
require_jar( 'log4j', 'log4j', '1.2.17' )
(...)
Best regards
Ricardo Saraiva
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Can I uninstall Log4j from my cluster

Post by ssax »

Once QA has confirmed testing is finished there should be an release (likely today) that will update the NCPA agent as well as jquery/log4j to remove the files.
Locked