How to identify systems with vulnerable log4j

In response to the Apache Log4j vulnerability CVE 2021-44228, New Relic offers several solutions to help users identify potentially vulnerable systems and manage security risks. The company recommends upgrading Apache Log4j to version 2.16.0 immediately and has developed an open-source script called NR-find-log-4j, which scans New Relic-monitored services to detect Java services using log4j-core, although it does not guarantee the identification of all vulnerabilities. Additionally, New Relic's APM Environment functionality helps users detect at-risk agents or applications by examining the jars loaded in the JVM runtime, while New Relic Log Management allows for the tracking of attempted log4j exploits by searching for specific indicators in log records. These tools are part of New Relic's wider effort to assist organizations in addressing the security challenges posed by the log4j incident, and they are available to users with a free New Relic account.