background
Repair process
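# Manual replacement of the Log4j 2 jars bundled with Elasticsearch, pinned to 2.15.0.
# Paste as one chain: every step is joined with '&&', so a failure stops the rest.
# NOTE(review): 2.15.0 was followed by further Log4j security releases (the script on
# this page uses 2.17.0); confirm the recommended version on the Apache Log4j security
# page before using this one.
#
# Run as a user that can write to /usr/share/elasticsearch/lib.

# Expected SHA-512 of the tarball. Placeholder: take the value from the Apache release
# page over a separate channel. The chain stops at the check until it is filled in.
expected_sha512='REPLACE_WITH_PUBLISHED_SHA512_FOR_2.15.0' &&
# Private working directory instead of a fixed name in shared /tmp: if a file with the
# tarball's name already exists there, wget saves under a different name and tar would
# unpack the stale file.
workdir=$(mktemp -d) &&
backup_dir=$(mktemp -d /tmp/es-log4j-backup.XXXXXX) &&
cd "$workdir" &&
wget https://dlcdn.apache.org/logging/log4j/2.15.0/apache-log4j-2.15.0-bin.tar.gz &&
# Verify the download before anything from it is unpacked or installed.
printf '%s  %s\n' "$expected_sha512" apache-log4j-2.15.0-bin.tar.gz | sha512sum -c - &&
tar -zxf apache-log4j-2.15.0-bin.tar.gz &&
cd "$workdir/apache-log4j-2.15.0-bin/" &&
# Confirm the replacement jars exist before touching the installed ones, so a bad
# archive cannot leave Elasticsearch without any Log4j jars.
ls log4j-core-2.15.0.jar log4j-api-2.15.0.jar log4j-1.2-api-2.15.0.jar &&
# Keep the old jars as a rollback copy.
mv /usr/share/elasticsearch/lib/log4j-core-2*.jar "$backup_dir" &&
mv /usr/share/elasticsearch/lib/log4j-api-2*.jar "$backup_dir" &&
mv /usr/share/elasticsearch/lib/log4j-1.2-api-2*.jar "$backup_dir" &&
cp log4j-core-2.15.0.jar /usr/share/elasticsearch/lib/ &&
cp log4j-api-2.15.0.jar /usr/share/elasticsearch/lib/ &&
cp log4j-1.2-api-2.15.0.jar /usr/share/elasticsearch/lib/ &&
ls /usr/share/elasticsearch/lib/ | grep 'log4j' &&
echo "old jars kept in $backup_dir" &&
echo 'replaced log4j with new jars, restarting ES now...' &&
sudo systemctl restart elasticsearch &&
sleep 2 &&
watch -n 2 'sudo systemctl status elasticsearch | grep ago'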
Script
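#!/bin/bash
#
# Replace the Log4j 2 jars bundled with Elasticsearch with the release named in
# log4j_version, then restart Elasticsearch and watch its status.
#
# Run as a user that can write to the Elasticsearch lib directory; only the
# systemctl calls go through sudo.
set -euo pipefail

# Set log4j version
readonly log4j_version="2.17.0"
readonly es_lib="/usr/share/elasticsearch/lib"
readonly tarball="apache-log4j-${log4j_version}-bin.tar.gz"
readonly url="https://archive.apache.org/dist/logging/log4j/${log4j_version}/${tarball}"

# Expected SHA-512 of the tarball. Placeholder: take the value from the Apache
# release page over a separate channel. A digest fetched from the same server in
# the same run only detects corruption, not a substituted artifact. The script
# aborts at the check until this is filled in.
readonly expected_sha512="REPLACE_WITH_PUBLISHED_SHA512_FOR_THIS_RELEASE"

# Private working directory instead of a fixed name in shared /tmp: if a file with
# the tarball's name already exists there, wget saves under a different name and
# tar would unpack the stale file.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
# The rollback copy of the old jars is kept after the script exits.
backup_dir=$(mktemp -d /tmp/es-log4j-backup.XXXXXX)

# Download log4j and verify it before unpacking
cd "$workdir"
wget "$url"
printf '%s  %s\n' "$expected_sha512" "$tarball" | sha512sum -c -

# Extract, and confirm every replacement jar exists before the installed ones are
# touched, so a failed download or bad archive cannot leave Elasticsearch without
# any Log4j jars.
tar -zxf "$tarball"
new_dir="${workdir}/apache-log4j-${log4j_version}-bin"
for name in log4j-core log4j-api log4j-1.2-api; do
  if [[ ! -f "${new_dir}/${name}-${log4j_version}.jar" ]]; then
    printf 'missing %s in extracted archive\n' "${name}-${log4j_version}.jar" >&2
    exit 1
  fi
done

# Move existing log4j jars to the backup location
mv -- "${es_lib}"/log4j-core-2*.jar "$backup_dir"
mv -- "${es_lib}"/log4j-api-2*.jar "$backup_dir"
mv -- "${es_lib}"/log4j-1.2-api-2*.jar "$backup_dir"

# Copy new log4j jars to Elasticsearch lib
cp -- "${new_dir}/log4j-core-${log4j_version}.jar" "${es_lib}/"
cp -- "${new_dir}/log4j-api-${log4j_version}.jar" "${es_lib}/"
cp -- "${new_dir}/log4j-1.2-api-${log4j_version}.jar" "${es_lib}/"

# Check new log4j jars are in place
ls "${es_lib}/" | grep 'log4j'
printf 'old jars kept in %s\n' "$backup_dir"

# Restart Elasticsearch
echo 'replaced log4j with new jars, restarting ES now...'
sudo systemctl restart elasticsearch
sleep 2

# Monitor Elasticsearch status
watch -n 2 'sudo systemctl status elasticsearch | grep ago'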
reference resources