Log4j2 Scanner

Last updated Aug 12, 2022

Install Guide

Log4j2 Scanner is an app that visualizes the result data of the scanner. The scanner must be installed on each server first.

  • Download the Logpresso Log4j scanner on your system.
  • Wait until scanning is completed.
    • When scanning is completed, the scanner sends a report to the Log4j2 Scanner app.
    • The Log4j2 Scanner app receives reports from the scanner and visualizes them.
  • View the dashboard or search the logs as needed.
    • The CVE-2021-44228 vulnerability should be mitigated immediately. Use the --force-fix option to remove the JndiLookup.class file from vulnerable JAR files.
    • For log4j 2.x vulnerabilities, keep the number of vulnerable files equal to the number of mitigated files. To remove the vulnerabilities, uninstall the vulnerable application or upgrade it.
    • For log4j 1.x vulnerabilities, upgrade log4j 1.x to the hardened reload4j or to Log4j 2 to remove the vulnerabilities.
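
An independent way to confirm the JndiLookup.class removal described above, added here as an example and not part of the Logpresso scanner or app: it walks a JAR/WAR/EAR, including nested archives, and lists any JndiLookup.class entries that remain. The sample archives, the label app.jar and the nested file name are constructed for the demonstration.

```python
import io
import sys
import zipfile

# Entry that --force-fix removes from log4j-core (may sit under a prefix such as WEB-INF/classes/).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear")

def find_jndi_lookup(data, label, max_depth=5):
    """Return 'outer!/inner!/entry' paths for every JndiLookup.class still present."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # unreadable or not an archive: nothing to report
    with zf:
        for name in zf.namelist():
            if name.endswith(JNDI_LOOKUP):
                hits.append(f"{label}!/{name}")
            elif name.lower().endswith(ARCHIVE_EXTS) and max_depth > 0:
                # Fat JARs and WARs embed log4j-core as a nested archive.
                hits += find_jndi_lookup(zf.read(name), f"{label}!/{name}", max_depth - 1)
    return hits

def make_zip(entries):
    """Build an in-memory archive from {entry name: bytes} (used for the sample only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Constructed sample: the same fat JAR before and after JndiLookup.class removal."""
    manifest = {"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"}
    core_before = make_zip({**manifest, JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
    core_after = make_zip(manifest)
    nested = "BOOT-INF/lib/log4j-core-2.14.1.jar"  # constructed file name
    return (find_jndi_lookup(make_zip({nested: core_before}), "app.jar"),
            find_jndi_lookup(make_zip({nested: core_after}), "app.jar"))

if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan archives given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print("\n".join(find_jndi_lookup(f.read(), path)) or f"{path}: clean")
    else:
        print(demo())
```

Run it with one or more archive paths as arguments to check real files; an empty result for an archive means no JndiLookup.class entry was found in it or in its nested archives.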

Any Linux and UNIX

For Linux, Solaris, HP-UX, AIX with Java installation

If you have Java (7 or above) on your system, copy and paste the following auto-generated command and run it as root.

wget -q https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v3.0.1/logpresso-log4j2-scan-3.0.1.jar && java -jar logpresso-log4j2-scan-3.0.1.jar --scan-log4j1 --scan-logback --throttle 1000 --syslog-udp [SERVER IP]:[syslog PORT] /

Any Windows

Both 32-bit and 64-bit with Java installation

If you have Java (7 or above) on your system, copy and paste the following auto-generated command and run it as administrator.

java -jar logpresso-log4j2-scan-3.0.1.jar --scan-log4j1 --scan-logback --all-drives --throttle 1000 --syslog-udp [SERVER IP]:[syslog PORT]

Mac OS X

For Intel/ARM Mac without Java installation

Copy and paste the following auto-generated command and run it as root.

wget -q https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v3.0.1/logpresso-log4j2-scan-3.0.1-darwin.zip && unzip logpresso-log4j2-scan-3.0.1-darwin.zip && ./log4j2-scan --scan-log4j1 --scan-logback --throttle 1000 --syslog-udp [SERVER IP]:[syslog PORT] /

Linux x64

For RHEL/CentOS 6 or above without Java installation

Copy and paste the following auto-generated command and run it as root.

wget -q https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v3.0.1/logpresso-log4j2-scan-3.0.1-linux.tar.gz && tar xzf logpresso-log4j2-scan-3.0.1-linux.tar.gz && ./log4j2-scan --scan-log4j1 --scan-logback --throttle 1000 --syslog-udp [SERVER IP]:[syslog PORT] /

Linux aarch64

For RHEL/CentOS 6 or above without Java installation

Copy and paste the following auto-generated command and run it as root.

wget -q https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v3.0.1/logpresso-log4j2-scan-3.0.1-linux-aarch64.tar.gz && tar xzf logpresso-log4j2-scan-3.0.1-linux-aarch64.tar.gz && ./log4j2-scan --scan-log4j1 --scan-logback --throttle 1000 --syslog-udp [SERVER IP]:[syslog PORT] /

Windows x64

Windows without Java installation

log4j2-scan.exe --scan-log4j1 --scan-logback --all-drives --throttle 1000 --syslog-udp [SERVER IP]:[syslog PORT]

For a detailed description of the scanner, please visit the CVE-2021-44228-Scanner GitHub repository.