Fortinet Document Library

Version:


Table of Contents

FortiMonitor User Guide

22.1.0
Copy Link

Technical tip: Mitigating log4j Vulnerability impact on NCM

Description

This article describes the mitigation steps for the Apache log4j Vulnerability's effect on FortiMonitor Network Configuration Management (NCM).

Scope

FortiMonitor NCM

Mitigation steps

To mitigate the vulnerability, perform the following:

  1. Upgrade to the latest version of the NCM by running:

#! /bin/bash


docker container rm -f ncm

docker image rm -f panopta/onsight-ncm:latest

 

docker run -it -d -e JAVA_OPTS='-Xms1G -Xmx1G' \

-e TZ='Etc/UTC' \

-e mem_allocation='1G' \

-e profiles_active='panopta' \

-e theme_name='panopta' \

-e theme_mode='light' \

-e theme_switch_enabled='false' \

-e aggregator_url='https://aggregator2.panopta.com/v2/ncm_device_inventory' \

-e sync_schedule='*/30 * * * * ?' \

-p 8085:8085 \

--name ncm \

--mount source=ncm-config,target=/etc/unimus \

--mount source=ncm-logs,target=/var/log/unimus \

--restart unless-stopped \

panopta/onsight-ncm:latest

 

docker network connect ncm ncm

 

docker container restart ncm

Technical tip: Mitigating log4j Vulnerability impact on NCM

Description

This article describes the mitigation steps for the Apache log4j Vulnerability's effect on FortiMonitor Network Configuration Management (NCM).

Scope

FortiMonitor NCM

Mitigation steps

To mitigate the vulnerability, perform the following:

  1. Upgrade to the latest version of the NCM by running:

#! /bin/bash


docker container rm -f ncm

docker image rm -f panopta/onsight-ncm:latest

 

docker run -it -d -e JAVA_OPTS='-Xms1G -Xmx1G' \

-e TZ='Etc/UTC' \

-e mem_allocation='1G' \

-e profiles_active='panopta' \

-e theme_name='panopta' \

-e theme_mode='light' \

-e theme_switch_enabled='false' \

-e aggregator_url='https://aggregator2.panopta.com/v2/ncm_device_inventory' \

-e sync_schedule='*/30 * * * * ?' \

-p 8085:8085 \

--name ncm \

--mount source=ncm-config,target=/etc/unimus \

--mount source=ncm-logs,target=/var/log/unimus \

--restart unless-stopped \

panopta/onsight-ncm:latest

 

docker network connect ncm ncm

 

docker container restart ncm