logstash-patterns-core
By logstash-plugins
log4shell-tools
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 (by alexbakker)
| logstash-patterns-core | log4shell-tools | |
|---|---|---|
| 3 | 8 | |
| 2,160 | 84 | |
| -0.0% | - | |
| 0.0 | 4.8 | |
| about 1 year ago | 27 days ago | |
| Ruby | Go | |
| Apache License 2.0 | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
logstash-patterns-core
Posts with mentions or reviews of logstash-patterns-core.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-16.
-
Log4j 2.15.0 – Previously suggested mitigations may not be enough
Logstash is a hugely popular service for collecting/processing/shipping logs, mainly associated with elasticsearch ("ELK") but has lots of output plugins. It uses log4j, so if one of the log events it was processing contained an exploit string, and also caused logstash to encounter an error processing or shipping the message, that message would get logged to logstash's own log, thus triggering the exploit deep in someone's infrastructure.
probably not too hard to come up with a way to break one of the many "grok" pattern regexes https://github.com/logstash-plugins/logstash-patterns-core/b...
-
Writing an effective GROK pattern
Logstash ships with 120 default patterns. You can find here: https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns
-
Ubiquiti Dream Machine Pro Syslog -> ELK via Logstash
You can see all the Grok regexp preset here.
log4shell-tools
Posts with mentions or reviews of log4shell-tools.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-20.
-
Log4j: The Pain Just Keeps Going and Going
I'm seeing this as well. While the amount of traffic has certainly decreased compared to the first couple of days after the CVE was announced, https://log4shell.tools is still being used by people every day.
-
How to send similar payload to different http headers?
e.g. from log4j. Taken from https://log4shell.tools/
-
Received a visit from the infamous Dejmnok420 today. Can anyone ELI5 the steps to take now?
I run tests with https://log4shell.tools, and it seems I'm vulnerable on client side, but my server is safe, which makes sense as I compiled the .jar 2 weeks ago with BuildTools as indicated here https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/
-
Log4Shell Vulnerability Test Tool
You're right, but this has always been the trade off with tools like this. You put some trust in the tool's authors and gain some insight in return. Remember the services that tested for Heartbleed (e.g. https://filippo.io/Heartbleed/)? Fairly similar trade-off, but still these tools were widely used.
If you really don't trust me and have some technical know-how, you can self host the service. It's open source: https://github.com/alexbakker/log4shell-tools.
-
Log4j 2.15.0 – Previously suggested mitigations may not be enough
I can't say I'm feeling the same. Still lots of people testing over at https://log4shell.tools almost a week after this vulnerability became widely known. Plenty of people still discovering they're vulnerable as well. I think it's likely that these are just the people who know they're using log4j. If you're running a black box product from a vendor you'll have no clue you're vulnerable until it's too late.
-
Analysis of the 2nd Log4j CVE published earlier (CVE-2021-45046 / Log4Shell2)
I have a feeling this vulnerability is going to be with us for years. Shameless plug: I built a tool that assists in detecting whether you're vulnerable to this or the previous CVE: https://log4shell.tools. Just enter the JNDI URI it gives you anywhere you suspect it ends up causing a message lookup in log4j. If log4j does so much as a DNS lookup, this tool will tell you about it.
-
log4shell.tools - Check if you're vulnerable to an egregious case of log4shell
Done! https://github.com/alexbakker/log4shell-tools
What are some alternatives?
When comparing logstash-patterns-core and log4shell-tools you can also consider the following projects:
logstash-patterns - Grok patterns for parsing and structuring log messages with logstash
ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.