https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4608666#M574721 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/317086">@Charlie Moreton</a>&nbsp;<BR />Thank you for reply.</P><P>I could configure the repository in CLI and install Log4j patch successfully.</P> Thu, 12 May 2022 00:48:24 GMT Lucas Woo 2022-05-12T00:48:24Z https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4606532#M574626 <P>Hello,</P><P>As a title, I run a ISE in a Distributed Environment, which are Primary and Secondary.</P><P>I applied a Log4j patch to Primary node, but I couldn`t find a specific way to do it to a Secondary one.</P><P>------------------------------------------<BR />●Primary node<BR /># show logging application hotpatch.log<BR /><STRONG>Mon May 9 hh:mm:ss UTC 2022 =&gt; CSCwa47133_all_common_1 =&gt; CSCwa47133</STRONG></P><P>●Secondary node<BR /># show logging application hotpatch.log<BR /><STRONG>% Error: No such log file.</STRONG><BR />------------------------------------------</P><P>Also, I tried to make repository in a secondary node, but I can`t find the specific area to make it.</P><P>Do I have to applying a Log4j patch in a Secondary node in the first place? or Is there any way to apply it?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="log4j.jpg" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/150784i17A15950D417D2D9/image-size/medium?v=v2&amp;px=400" role="button" title="log4j.jpg" alt="log4j.jpg" /></span></P> Mon, 09 May 2022 04:57:05 GMT https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4606532#M574626 Lucas Woo 2022-05-09T04:57:05Z https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4606602#M574630 <P>&nbsp;</P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &gt;.<EM>..but I couldn`t find a specific way to do it to a Secondary one.</EM></P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Why not ? The cli command sequence is just the same.</P> <P>&nbsp;M.</P> Mon, 09 May 2022 06:51:38 GMT https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4606602#M574630 Mark Elsen 2022-05-09T06:51:38Z https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4606787#M574632 <P>You may want to see this:</P><P>&nbsp;</P><P><A title="https://www.lookingpoint.com/blog/cisco-ise-patching" href="https://www.lookingpoint.com/blog/cisco-ise-patching" target="_self">https://www.lookingpoint.com/blog/cisco-ise-patching</A>&nbsp;</P><P>and this:</P><P><A title="https://community.cisco.com/t5/network-access-control/ise-patch-installation-in-distributed-deployment/td-p/3504027" href="https://community.cisco.com/t5/network-access-control/ise-patch-installation-in-distributed-deployment/td-p/3504027" target="_self">https://community.cisco.com/t5/network-access-control/ise-patch-installation-in-distributed-deployment/td-p/3504027</A>&nbsp;</P><P>&nbsp;</P><P>The patch is applied only in Primary nodes.</P> Mon, 09 May 2022 10:26:11 GMT https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4606787#M574632 Flavio Miranda 2022-05-09T10:26:11Z https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4606974#M574642 <P>Yes, you need to apply the hotpatch on EVERY NODE in the deployment.&nbsp; From the CLI, enter config mode (config t) then configure the repository in which the Log4j hotpatch resides.</P> <P>&nbsp;</P> <PRE>repository &lt;&lt;repository name&gt;&gt;<BR /><BR />url &lt;&lt;repository path - for example <A href="ftp://10.0.0.1&gt;&gt;" target="_blank">ftp://10.0.0.1&gt;&gt;</A><BR />user &lt;&lt;username&gt;&gt; password plain (or hash) &lt;&lt;password&gt;&gt;</PRE> <P>&nbsp;</P> <P>Which version of ISE?&nbsp; ISE 3.0 Patch 5 and ISE 3.1 Patch 3 have the Log4j fix in them so installing the patch through the normal methods will effectively fix the Log4j issues on all nodes.</P> Mon, 09 May 2022 16:34:54 GMT https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4606974#M574642 Charlie Moreton 2022-05-09T16:34:54Z https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4608666#M574721 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/317086">@Charlie Moreton</a>&nbsp;<BR />Thank you for reply.</P><P>I could configure the repository in CLI and install Log4j patch successfully.</P> Thu, 12 May 2022 00:48:24 GMT https://community.cisco.com/t5/network-access-control/applying-a-log4j-patch-in-a-distributed-environment/m-p/4608666#M574721 Lucas Woo 2022-05-12T00:48:24Z