top of page
Search

Cisco ISE | Log4J

This post provides a step-by-step procedure for installing the hot patch released by Cisco for ISE servers, in light of the recent Log4j vulnerability (Apache Log4j Java Logging Library).

More details: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133


Installation Steps.


#1) Copy the path files to FTP/SFTP Server into disk:/;


#2) Create local repository on ISE Server via CLI;

ise/admin# conf t
ise/admin# repository local
ise/admin# url disk:/

#3) Run the patch:

ise/admin# application install <file-name> local

#4) Verify:

ise/admin# show logging application hotpatch.log

Rollback Steps.


#1) Rollback the hot patch using below command:

ise/admin# application install <rollback-file-name> local

CLI Analysis.


#1) Check filesystems:

ise/admin# show disks

#2) Verify your backups:

ise/admin# show backup status
ise/admin# show backup history

#3) ISE process status:

ise/admin# show application status ise

#4) Start/Stop application:

ise/admin# application stop ise
ise/admin# application start ise


26 views0 comments

Recent Posts

See All

Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different SIEMs. Logging: A logging filepath can be specified in config.yml.

Syslog is a protocol that computer systems use to send event data logs to a central location for storage. Logs can then be accessed by analysis and reporting software to perform audits, monitoring, tr

ISE Repositories can be configured from both the GUI and the CLI of the ISE and can be used for these purposes: ➛ Backup and Restore of ISE Configuration and Operational data; ➛ Upgrade of ISE nodes;

bottom of page