VMware vSphere

 View Only

  • 1.  how to check log4j version on my Vcenter?

    Posted Dec 13, 2021 09:34 AM

    Hello Guys, can someone help me with b

    this, how can I check log4j version on my windows Vcenter?  I checked from control panel and found VMware-Apache-Tomcat version 6.5.0.63800 .

    Is this version 6.5.0.63800 and log4j version between 2.0 and 2.14.1 are same?

     

    Regards 

    Aaref Sayyad 



  • 2.  RE: how to check log4j version on my Vcenter?

    Posted Dec 13, 2021 10:37 PM

    same question



  • 3.  RE: how to check log4j version on my Vcenter?

    Posted Dec 15, 2021 06:28 PM

    I have the same question but how can I check the version of log4j from the linux-based vcenter virtual appliance?



  • 4.  RE: how to check log4j version on my Vcenter?

    Posted Dec 15, 2021 07:28 PM

    According to Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway (87081) (vmware.com)

    You can verify the work around worked so I assume the same negative results will show you have the effected version.

    Verify the changes

    Once all sections are complete, use the following steps to confirm if they were implemented successfully.

    1. Verify if the vMon services were started with the new -Dlog4j2.formatMsgNoLookups=true parameter:
    ps auxww | grep formatMsgNoLookups

    Check if the processes include -Dlog4j2.formatMsgNoLookups=true
     
    2.Verify the Update Manager changes are shown under "System Properties" in the output of the following two commands:

    cd /usr/lib/vmware-updatemgr/bin/jetty/
    java -jar start.jar --list-config
     
    System Properties:
    ------------------
     log4j2.formatMsgNoLookups = true (/usr/lib/vmware-updatemgr/bin/jetty/start.ini    )

    3. Verify the Analytics Service changes:

    grep -i jndilookup /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar | wc -l
     
    This should return 0 lines 


  • 5.  RE: how to check log4j version on my Vcenter?

    Posted Jan 12, 2022 07:28 PM

    Does anyone know how to find the log4j version of a vCenter appliance? Is there any simple command that I can run and find the version? I was searching this online and it seems no has answered!

    Expectation is after running a command we would be able to see something like 2.16 or 2.17 etc.

    Please help if you know it.



  • 6.  RE: how to check log4j version on my Vcenter?

    Posted Jan 13, 2022 01:01 AM

     

    What wrong with https://kb.vmware.com/s/article/87081?lang=en_US  ?. Script comes with a dry run mode.

    Regards,
    Joerg



  • 7.  RE: how to check log4j version on my Vcenter?

    Broadcom Employee
    Posted Jan 13, 2022 03:29 AM

    log4j is not a installable package, it is a java file bundled with other installed packages. Meaning every installed package with log4j could theoretically have a different version. As you see in that output, there are at least 3 different versions there .

    Ajay1988_0-1642044456029.png

    So just follow the KB to get the workaorund-https://kb.vmware.com/s/article/87081 ..Actual patch for vCSA will come in a future release.

    Follow https://www.vmware.com/security/advisories/VMSA-2021-0028.html

     



  • 8.  RE: how to check log4j version on my Vcenter?

    Posted Feb 15, 2022 02:19 PM

    Thank you Ajay, this works for me.