cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1542
Views
5
Helpful
4
Replies

FPR-1010 - What should the version be after patching with LOG4j Hotfix

yleduc
Level 1
Level 1

Hello all,

Just patched an FPR-1010 with the Hotfix for Log4J. While Patch History says that it is there, when I look at version either through FDM or via the CLI, there are no trace of its presence. How can I confirm the patch is there and running.

 

In my case, I applied 6.6.5.1-15 and then the hotfix 6.6.5.2-4. The version returned is 6.6.5.1-15.

 

Anybody seen this behaviour ?

 

Thank you.

1 Accepted Solution

Accepted Solutions

Hi,

I had same case with 7.0.1. Go to FTD CLI and from expert navigate to ls
/var/sf/updates

If you see Uninstaller for the patch created then patch was installed
successfully.

**** please remember to rate useful posts

View solution in original post

4 Replies 4

Hi,

I had same case with 7.0.1. Go to FTD CLI and from expert navigate to ls
/var/sf/updates

If you see Uninstaller for the patch created then patch was installed
successfully.

**** please remember to rate useful posts

Thanks Mohammed.



Yes I do have the uninstaller in the provided directory. Just wonder why they have a version number on the file but don't use it. Would be so much simpler instead of having to go into the guts of their software.


yleduc
Level 1
Level 1

Update to the solution:

 

while searching on the problem, I found the following. if you run  find / -name log4j* -print 2>/dev/null you will obtain the following in the result:

 

/ngfw/var/cisco/ngfwWebUi/tomcat/webapps/ROOT/WEB-INF/lib/log4j-slf4j-impl-2.16.0.jar
/ngfw/var/cisco/ngfwWebUi/tomcat/webapps/ROOT/WEB-INF/lib/log4j-1.2-api-2.16.0.jar
/ngfw/var/cisco/ngfwWebUi/tomcat/webapps/ROOT/WEB-INF/lib/log4j-core-2.16.0.jar
/ngfw/var/cisco/ngfwWebUi/tomcat/webapps/ROOT/WEB-INF/lib/log4j-api-2.16.0.jar

 

and previous files (updated by 6.6.5.2)

 

/ngfw/var/cisco/ngfwWebUi/ftd_onbox_6.6.5.2_previous/ROOT/WEB-INF/lib/log4j-1.2-api-2.3.jar
/ngfw/var/cisco/ngfwWebUi/ftd_onbox_6.6.5.2_previous/ROOT/WEB-INF/lib/log4j-api-2.3.jar
/ngfw/var/cisco/ngfwWebUi/ftd_onbox_6.6.5.2_previous/ROOT/WEB-INF/lib/log4j-core-2.3.jar
/ngfw/var/cisco/ngfwWebUi/ftd_onbox_6.6.5.2_previous/ROOT/WEB-INF/lib/log4j-slf4j-impl-2.3.jar

yleduc
Level 1
Level 1

while debugging an upgrade, I found the following directory for the actual status of the upgrade as you can actually follow along while the upgrade is taking place. This way, you are not kept in the dark of what is going on. 

The directory is /ngfw/var/log/sf. In that directory, there is a file update_status or upgrade_status (don't remember the filename exactly) that you can tail -f to see the upgrade process taking place. There is also a subdirectory for each patch that are applied with more details.