You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
| #!/usr/bin/env node | |
| // replace all UTC dates to local dates in pipe | |
| // usage: docker logs -t container_name | docker-logs-localtime | |
| // install: | |
| // curl https://gist.githubusercontent.com/popstas/ffcf282492fd78389d1df2ab7f31052a/raw/505cdf97c6a1edbb10c3b2b64e1836e0627b87a0/docker-logs-localtime > /usr/local/bin/docker-logs-localtime && chmod +x /usr/local/bin/docker-logs-localtime | |
| // alternative: https://github.com/HuangYingNing/docker-logs-localtime | |
| const pad = d => (d > 9 ? d : '0' + d); |