Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
--fix
option does not mitigate 2.17.0. It should be upgraded.--report-dir
with --report-json
option. See #203afs
and autofs
to ignore filesystem list. #194--syslog-level
option. See #186
info
sends also MITIGATED report. This is right option for BI reportingalert
level for SIEM integration.debug
level for error reporting--backup-ext
option. See #141 , #181
zip
.--backup-path
option.
log4j2-scan
--restore [backup_file_path]
option. See #150
.bak
files into the single log4j2_scan_backup_yyyyMMdd_HHmmss.zip
file, then delete all .bak
files automatically since v2.5.0.--restore
option.--syslog-udp [remote_ip:port]
option.
{"time": "2021-12-21 00:00:36+0900", "hostname": "XERAPH", "path": "/path/to/log4j-core-2.16.0.jar", "entry": "", "product": "Log4j 2", "version": "2.16.0", "cve": "CVE-2021-45105", "status": "VULNERABLE", "fixed": false}