Log4j Vulnerability and Goliath Performance Monitor

Log4j Vulnerability and Goliath Performance Monitor

Goliath Performance Monitor’s inventory collection component does include a version of the Java library Log4j that is subject to vulnerabilities. As a precaution and in accordance with Goliath best practices, we have released a patch addressing this issue that includes an updated version of Log4j.

This update applies to Goliath Performance Monitor Customers with v11.8.x to v11.9.x using any of the following:

• VMware and XenServer monitoring
• Citrix Cloud
• EPIC Module

For earlier GPM versions (pre-11.8.x and post-12.x), no update is required.

Download the patch below:

• GPM Log4j Update

Note: The patch was built using Log4j version 2.17.1.

Instructions for applying the patch

NOTE: This patch will update a file associated with the Goliath VMA component. This is typically located on the Goliath Server but may also be deployed to additional servers depending on your environment. If you need assistance, please contact Goliath Support.

1. Download the update file and copy it to your GPM Server and any other servers where you have the VMA component installed.
2. Go to the ..\MonitorIT\vma-api folder
3. Use Windows Services to stop the  MonitorIT Agent service.
4. Copy the new app-1.0.0.jar file to the vma-api folder to replace the existing file. 
5. Restart the MonitorIT Agent Service.