Applying a Log4j patch in a Distributed Environment

Lucas Woo
Beginner

Hello,

As the title says, I run ISE in a distributed environment, with Primary and Secondary nodes.

I applied a Log4j patch to the Primary node, but I couldn't find a specific way to do it on the Secondary one.

------------------------------------------
●Primary node
# show logging application hotpatch.log
Mon May 9 hh:mm:ss UTC 2022 => CSCwa47133_all_common_1 => CSCwa47133

●Secondary node
# show logging application hotpatch.log
% Error: No such log file.
------------------------------------------

Also, I tried to create a repository on the secondary node, but I can't find the specific area to create it.

Do I have to apply a Log4j patch on the Secondary node in the first place? And is there any way to apply it?


Accepted Solution

Charlie Moreton
Cisco Employee

Yes, you need to apply the hotpatch on EVERY NODE in the deployment.  From the CLI, enter config mode (config t) then configure the repository in which the Log4j hotpatch resides.

repository <<repository name>>
  url <<repository path - for example ftp://10.0.0.1>>
  user <<username>> password plain (or hash) <<password>>

Which version of ISE?  ISE 3.0 Patch 5 and ISE 3.1 Patch 3 have the Log4j fix in them so installing the patch through the normal methods will effectively fix the Log4j issues on all nodes.
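
To check the requirement above that every node carries the hotpatch, this added example (not part of the original post and not Cisco code) parses saved output of `show logging application hotpatch.log` from each node and lists the nodes still missing CSCwa47133. The node names, the sample timestamp and the status labels are assumptions made for the illustration.

```python
import re

# Constructed sample: output of `show logging application hotpatch.log` saved
# per node. Hostnames are hypothetical; the timestamp is a constructed value.
CAPTURED = {
    "ise-primary": "Mon May  9 10:15:42 UTC 2022 => CSCwa47133_all_common_1 => CSCwa47133\n",
    "ise-secondary": "% Error: No such log file.\n",
    "ise-psn1": "",
}

# Line format as shown in the thread: "<timestamp> => <hotpatch bundle> => <bug ID>"
ENTRY = re.compile(
    r"^(?P<when>.+?)\s*=>\s*(?P<bundle>\S+)\s*=>\s*(?P<bug>CSC[a-z]{2}\d{5})\s*$"
)


def parse_hotpatch_log(text):
    """Return (timestamp, bundle, bug_id) tuples found in the log output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["when"], m["bundle"], m["bug"]))
    return entries


def node_status(text, bug_id):
    """Classify one node's output as 'patched', 'no-log' or 'missing'."""
    if any(bug == bug_id for _, _, bug in parse_hotpatch_log(text)):
        return "patched"
    if "No such log file" in text:
        # Assumed to mean no hotpatch was ever installed on this node,
        # as on the secondary node in the question.
        return "no-log"
    return "missing"  # output has no entry for this bug ID


def audit(captured, bug_id="CSCwa47133"):
    """Map every node to its status; anything other than 'patched' needs action."""
    return {node: node_status(text, bug_id) for node, text in captured.items()}


def unpatched_nodes(captured, bug_id="CSCwa47133"):
    """Sorted list of nodes whose output does not show the hotpatch."""
    return sorted(n for n, s in audit(captured, bug_id).items() if s != "patched")


if __name__ == "__main__":
    for node, status in audit(CAPTURED).items():
        print(f"{node:15} {status}")
```

A node that received the fix through ISE 3.0 Patch 5 or ISE 3.1 Patch 3 rather than the hotpatch is assumed here to have no hotpatch.log entry, so confirm its patch level separately.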


marce1000
VIP Mentor

> ...but I couldn't find a specific way to do it to a Secondary one.

Why not? The CLI command sequence is just the same.

M.



-- 'A nun once asked a penguin, 'Do you think the earth is flat?'; the penguin replied:
Madam, it all depends, in Riemann geometries the earth can be perfectly flat! The nun thanked him, he tripped and fell forward: the poor animal had forgotten that he might be living in a Riemann geometry too!

@Charlie Moreton
Thank you for the reply.

I could configure the repository in the CLI and install the Log4j patch successfully.
