Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1129
Views
10
Helpful
4
Replies

Applying a Log4j patch in a Distributed Environment

Go to solution
Lucas Woo
Level 1
Level 1

‎05-08-2022 09:57 PM

Hello,

As a title, I run a ISE in a Distributed Environment, which are Primary and Secondary.

I applied a Log4j patch to Primary node, but I couldn`t find a specific way to do it to a Secondary one.

------------------------------------------
●Primary node
# show logging application hotpatch.log
Mon May 9 hh:mm:ss UTC 2022 => CSCwa47133_all_common_1 => CSCwa47133

●Secondary node
# show logging application hotpatch.log
% Error: No such log file.
------------------------------------------

Also, I tried to make repository in a secondary node, but I can`t find the specific area to make it.

Do I have to applying a Log4j patch in a Secondary node in the first place? or Is there any way to apply it?

log4j.jpg

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎05-09-2022 09:34 AM

Yes, you need to apply the hotpatch on EVERY NODE in the deployment.  From the CLI, enter config mode (config t) then configure the repository in which the Log4j hotpatch resides.

 

repository <<repository name>>

url <<repository path - for example ftp://10.0.0.1>>
user <<username>> password plain (or hash) <<password>>

 

Which version of ISE?  ISE 3.0 Patch 5 and ISE 3.1 Patch 3 have the Log4j fix in them so installing the patch through the normal methods will effectively fix the Log4j issues on all nodes.

View solution in original post

4 Replies 4

Go to solution
marce1000
VIP
VIP

‎05-08-2022 11:51 PM

 

        >...but I couldn`t find a specific way to do it to a Secondary one.

              Why not ? The cli command sequence is just the same.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎05-09-2022 09:34 AM

Yes, you need to apply the hotpatch on EVERY NODE in the deployment.  From the CLI, enter config mode (config t) then configure the repository in which the Log4j hotpatch resides.

 

repository <<repository name>>

url <<repository path - for example ftp://10.0.0.1>>
user <<username>> password plain (or hash) <<password>>

 

Which version of ISE?  ISE 3.0 Patch 5 and ISE 3.1 Patch 3 have the Log4j fix in them so installing the patch through the normal methods will effectively fix the Log4j issues on all nodes.

Go to solution
Lucas Woo
Level 1
Level 1
In response to Charlie Moreton

‎05-11-2022 05:48 PM

@Charlie Moreton 
Thank you for reply.

I could configure the repository in CLI and install Log4j patch successfully.

0 Helpful
Customers Also Viewed These Support Documents