Cisco ISE | Log4J

This post provides a step-by-step procedure for installing the hot patch released by Cisco for ISE servers, in light of the recent Log4j vulnerability (Apache Log4j Java Logging Library).

More details: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133


Installation Steps.


#1) Copy the patch files via an FTP/SFTP server into disk:/ on the ISE server;


#2) Create a local repository on the ISE server via CLI;

ise/admin# conf t
ise/admin(config)# repository local
ise/admin(config-Repository)# url disk:/

#3) Run the patch:

ise/admin# application install <file-name> local

#4) Verify:

ise/admin# show logging application hotpatch.log

Rollback Steps.


#1) Roll back the hot patch using the command below:

ise/admin# application install <rollback-file-name> local

CLI Analysis.


#1) Check filesystems:

ise/admin# show disks

#2) Verify your backups:

ise/admin# show backup status
ise/admin# show backup history

#3) ISE process status:

ise/admin# show application status ise

#4) Start/Stop application:

ise/admin# application stop ise
ise/admin# application start ise
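
To check the process status from #3 across several nodes after patching, the output can be saved and parsed. The script below is an added example, not part of the original post or Cisco tooling; the sample output is constructed and its column layout and state names are assumptions about what `show application status ise` prints.

```python
import re

# Constructed sample of `show application status ise` output (not captured
# from a real node); the column layout is an assumption.
SAMPLE = """\
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          3688
Database Server                        running          41 PROCESSES
Application Server                     initializing
M&T Session Database                   running          2363
M&T Log Processor                      not running
pxGrid Infrastructure Service          disabled
"""

# Longest alternatives first so "not running" is not read as "running".
STATE_RE = re.compile(
    r"^(?P<name>.+?)\s{2,}(?P<state>not running|initializing|running|disabled)\b"
)

def parse_status(text):
    """Return {process name: state} for every recognised status row."""
    states = {}
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            states[m.group("name")] = m.group("state")
    return states

def not_ready(text):
    """Processes that are neither running nor intentionally disabled."""
    return sorted(name for name, state in parse_status(text).items()
                  if state not in ("running", "disabled"))

def all_ready(text):
    """True only when rows were parsed and none is down or still starting."""
    return bool(parse_status(text)) and not not_ready(text)

if __name__ == "__main__":
    for name in not_ready(SAMPLE):
        print("not ready:", name)
    print("all ready:", all_ready(SAMPLE))
```

Empty or unparseable input is reported as not ready, so a failed capture is never mistaken for a healthy node.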
