Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1389
Views
10
Helpful
4
Replies

Applying a Log4j patch in a Distributed Environment

Go to solution
Lucas Woo
Level 1
Level 1

‎05-08-2022 09:57 PM

Hello,

As a title, I run a ISE in a Distributed Environment, which are Primary and Secondary.

I applied a Log4j patch to Primary node, but I couldn`t find a specific way to do it to a Secondary one.

------------------------------------------
●Primary node
# show logging application hotpatch.log
Mon May 9 hh:mm:ss UTC 2022 => CSCwa47133_all_common_1 => CSCwa47133

●Secondary node
# show logging application hotpatch.log
% Error: No such log file.
------------------------------------------

Also, I tried to make repository in a secondary node, but I can`t find the specific area to make it.

Do I have to applying a Log4j patch in a Secondary node in the first place? or Is there any way to apply it?

log4j.jpg

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎05-09-2022 09:34 AM

Yes, you need to apply the hotpatch on EVERY NODE in the deployment.  From the CLI, enter config mode (config t) then configure the repository in which the Log4j hotpatch resides.

 

repository <<repository name>>

url <<repository path - for example ftp://10.0.0.1>>
user <<username>> password plain (or hash) <<password>>

 

Which version of ISE?  ISE 3.0 Patch 5 and ISE 3.1 Patch 3 have the Log4j fix in them so installing the patch through the normal methods will effectively fix the Log4j issues on all nodes.

View solution in original post

4 Replies 4

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame

‎05-08-2022 11:51 PM

 

        >...but I couldn`t find a specific way to do it to a Secondary one.

              Why not ? The cli command sequence is just the same.

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎05-09-2022 09:34 AM

Yes, you need to apply the hotpatch on EVERY NODE in the deployment.  From the CLI, enter config mode (config t) then configure the repository in which the Log4j hotpatch resides.

 

repository <<repository name>>

url <<repository path - for example ftp://10.0.0.1>>
user <<username>> password plain (or hash) <<password>>

 

Which version of ISE?  ISE 3.0 Patch 5 and ISE 3.1 Patch 3 have the Log4j fix in them so installing the patch through the normal methods will effectively fix the Log4j issues on all nodes.

Go to solution
Lucas Woo
Level 1
Level 1
In response to Charlie Moreton

‎05-11-2022 05:48 PM

@Charlie Moreton 
Thank you for reply.

I could configure the repository in CLI and install Log4j patch successfully.

0 Helpful
Customers Also Viewed These Support Documents