05-08-2022 09:57 PM
Hello,
As the title says, I run ISE in a distributed environment with a Primary and a Secondary node.
I applied a Log4j patch to the Primary node, but I couldn't find a specific way to do it on the Secondary one.
------------------------------------------
●Primary node
# show logging application hotpatch.log
Mon May 9 hh:mm:ss UTC 2022 => CSCwa47133_all_common_1 => CSCwa47133
●Secondary node
# show logging application hotpatch.log
% Error: No such log file.
------------------------------------------
Also, I tried to create a repository on the Secondary node, but I can't find where to create it.
Do I have to apply the Log4j patch on the Secondary node in the first place? Or is there any way to apply it?
05-09-2022 09:34 AM
Yes, you need to apply the hotpatch on EVERY NODE in the deployment. From the CLI, enter config mode (config t) then configure the repository in which the Log4j hotpatch resides.
repository <<repository name>>
url <<repository path - for example ftp://10.0.0.1>>
user <<username>> password plain (or hash) <<password>>
Which version of ISE? ISE 3.0 Patch 5 and ISE 3.1 Patch 3 have the Log4j fix in them so installing the patch through the normal methods will effectively fix the Log4j issues on all nodes.
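Added example (not part of the original thread and not Cisco code): a Python check that parses saved `show logging application hotpatch.log` output from each node and lists the nodes with no entry for the hotpatch. It assumes the `<timestamp> => <bundle> => <bug ID>` layout shown in the question and that an entry means the hotpatch was applied on that node; the node names and the `psn-1` capture are constructed.

```python
import re

# Layout taken from the Primary node output quoted in the question:
#   <timestamp> => <hotpatch bundle> => <bug ID>
ENTRY = re.compile(
    r"^(?P<when>.+?)\s*=>\s*(?P<bundle>\S+)\s*=>\s*(?P<bug>CSC[a-z]{2}\d{5})\s*$"
)
NO_LOG = "% Error: No such log file."


def parse_hotpatch_log(output):
    """Return the set of bug IDs recorded in one node's hotpatch.log output."""
    bugs = set()
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == NO_LOG:
            continue  # echoed command, blank line, or missing log file
        match = ENTRY.match(line)
        if match:
            bugs.add(match.group("bug"))
    return bugs


def nodes_missing_hotpatch(captures, required_bug):
    """captures maps node name -> captured CLI output; returns unpatched nodes."""
    return sorted(node for node, out in captures.items()
                  if required_bug not in parse_hotpatch_log(out))


# Constructed sample: the two outputs from the question, plus one hypothetical
# third node (psn-1) whose log only holds an unrelated, made-up entry.
SAMPLE = {
    "primary": "# show logging application hotpatch.log\n"
               "Mon May 9 hh:mm:ss UTC 2022 => CSCwa47133_all_common_1 => CSCwa47133\n",
    "secondary": "# show logging application hotpatch.log\n"
                 "% Error: No such log file.\n",
    "psn-1": "# show logging application hotpatch.log\n"
             "Mon May 9 hh:mm:ss UTC 2022 => CSCzz00000_all_common_1 => CSCzz00000\n",
}

if __name__ == "__main__":
    for node in nodes_missing_hotpatch(SAMPLE, "CSCwa47133"):
        print(f"{node}: hotpatch CSCwa47133 not recorded, apply it from the CLI")
```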
05-08-2022 11:51 PM
>...but I couldn't find a specific way to do it to a Secondary one.
Why not? The CLI command sequence is just the same.
M.
05-09-2022 03:26 AM
You may want to see this:
https://www.lookingpoint.com/blog/cisco-ise-patching
and this:
The patch is applied only in Primary nodes.
05-11-2022 05:48 PM
@Charlie Moreton
Thank you for the reply.
I was able to configure the repository in the CLI and install the Log4j patch successfully.