10. Upgrade the log4j version of ES-7.8.0

Background

Due to serious vulnerabilities in lower versions of log4j, the log4j bundled with each component must be upgraded to the specified version (2.17.1). I recently upgraded the log4j version of ES-7.8.0 and record the steps here.

Steps

1. Get the upgraded jar packages: go to the official Apache website and download the corresponding version.

2. Stop the ES service on the server first: kill -9 <process number>.

3. Use the find command to find the log4j jar package in the ES installation directory, as follows:

[xxw@123456 es]$ find ./elasticsearch-7.8.0/ -name 'log4j*.jar'
./elasticsearch-7.8.0/modules/x-pack-identity-provider/log4j-slf4j-impl-2.11.1.jar
./elasticsearch-7.8.0/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar
./elasticsearch-7.8.0/modules/x-pack-core/log4j-1.2-api-2.11.1.jar
./elasticsearch-7.8.0/lib/log4j-core-2.11.1.jar
./elasticsearch-7.8.0/lib/log4j-api-2.11.1.jar

4. Move these jar packages to a temporary backup directory (so the files can be rolled back if something goes wrong).

5. Copy the new jar packages into the corresponding directories, here replacing 2.11.1 with version 2.17.1, as follows:

cp log4j-slf4j-impl-2.17.1.jar ./elasticsearch-7.8.0/modules/x-pack-identity-provider/
cp log4j-slf4j-impl-2.17.1.jar ./elasticsearch-7.8.0/modules/x-pack-security/
cp log4j-1.2-api-2.17.1.jar ./elasticsearch-7.8.0/modules/x-pack-core/
cp log4j-core-2.17.1.jar ./elasticsearch-7.8.0/lib/
cp log4j-api-2.17.1.jar ./elasticsearch-7.8.0/lib/

6. After the replacement, use the find command to confirm that the replacement is complete, as follows:

[xxw@123456 es]$ find ./elasticsearch-7.8.0/ -name 'log4j*.jar'
./elasticsearch-7.8.0/modules/x-pack-identity-provider/log4j-slf4j-impl-2.17.1.jar
./elasticsearch-7.8.0/modules/x-pack-security/log4j-slf4j-impl-2.17.1.jar
./elasticsearch-7.8.0/modules/x-pack-core/log4j-1.2-api-2.17.1.jar
./elasticsearch-7.8.0/lib/log4j-core-2.17.1.jar
./elasticsearch-7.8.0/lib/log4j-api-2.17.1.jar

7. Finally, restart the ES service and verify that it is running normally.

There are two ways to start ES:

  • Foreground start (in the terminal window): ./elasticsearch-7.8.0/bin/elasticsearch
  • Background start: ./elasticsearch-7.8.0/bin/elasticsearch -d

Verify via the process list: jps or ps -ef | grep elasticsearch

Verify by sending a request: curl http://<host IP>:<configured port>/

[xxx@123456 es]$ curl http://10.129.40.16:9200/
{
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "iHwx-eIsTxinhm4sY-S7_A",
  "version" : {
    "number" : "7.8.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "757314695644ea9a1dc2fecd26d1a43856725e65",
    "build_date" : "2020-06-14T19:35:50.234439Z",
    "build_snapshot" : false,
    "lucene_version" : "8.5.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
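
The visual check in step 6 can be scripted so that an old jar left behind next to a new one fails loudly. This is an added example, not part of the original post: the function names version_ge and check_log4j_jars are hypothetical, the version is read from the file name as in the find output above, and GNU sort -V is assumed.

```shell
#!/bin/sh
# Added example: confirm every log4j jar under an install tree is at least
# the required version. Function names are hypothetical.

# version_ge A B -> succeeds when version A >= version B.
# sort -V compares numerically per component, so 2.9.0 < 2.17.1.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_log4j_jars DIR MIN_VERSION
# Prints OK / OLD / UNKNOWN for each jar. Returns non-zero if any jar is
# older than MIN_VERSION, has no version in its name, or no jar is found.
check_log4j_jars() {
    dir=$1; min=$2; bad=0; seen=0
    # Single-quoted pattern: the shell never expands it before find sees it.
    # Assumes jar paths contain no whitespace, as in the ES tree above.
    for jar in $(find "$dir" -type f -name 'log4j*.jar' | sort); do
        seen=$((seen + 1))
        # log4j-1.2-api-2.17.1.jar -> 2.17.1 (last dash-separated field)
        ver=$(basename "$jar" .jar | sed -n 's/^.*-\([0-9][0-9.]*\)$/\1/p')
        if [ -z "$ver" ]; then
            echo "UNKNOWN $jar"; bad=1
        elif version_ge "$ver" "$min"; then
            echo "OK      $jar"
        else
            echo "OLD     $jar"; bad=1
        fi
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage: sh check_log4j.sh ./elasticsearch-7.8.0 2.17.1
if [ "$#" -eq 2 ]; then
    check_log4j_jars "$1" "$2"
fi
```

The file name is taken on trust here; the script does not inspect the jar contents.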

Problems encountered

1. The find command reports an error, as follows:

[xxw@123456 es]$ find ./elasticsearch-7.8.0/ -name "log4j*.jar"
find: paths must precede expression
Usage: find [-H] [-L] [-P] [path...] [expression]

Solution: You need to use single quotes instead of double quotes when looking for multiple files.

2. Can't find the required 2.17.1 jar packages on the official website?

They are listed here: Index of /dist/logging/log4j

Origin blog.csdn.net/qq_29119581/article/details/130313497