In this article, we’ll be finding the Apache Log4J Application is Installed in Azure Servers or Not by using Azure Portal. As logging to servers is not possible at a time to find Log4J We’ll use KQL Query to find it.

With the help of KQL Query, we will be finding the Detecting Log4j Installed Servers by using the Azure Monitor service in Azure Portal.

KQL Query:

ConfigurationData | distinct FileSystemPath

This query is used to all the unique file paths in the disks from the select scope.

KQL Query:

ConfigurationData
| where FileSystemPath contains "log4j"
| project Computer, FileSystemPath

Output:

• If you don’t find any Computer Name and File System Path. i.e., You can consider that your servers are not having Apache Log4J vulnerability.

ConfigurationData
| where FileSystemPath contains "liblog4j2-java"
| project Computer, FileSystemPath

Output:

• If here also, you don’t find any Computer Name and File System Path. i.e., You can consider that your servers are not having Apache Log4J vulnerability.

KQL Query:

ConfigurationData | distinct SoftwareName

This query is used to find all the unique Software Names.

KQL Query:

ConfigurationData
| where SoftwareName contains "log4j"
| project Computer, SoftwareName

Output:

• Again if you don’t find any Computer Name and Software Name. i.e., You can consider that your servers are not having Apache Log4J vulnerability.

KQL Query:

ConfigurationData
| where SoftwareName contains "liblog4j2-java"
| project Computer, SoftwareName

Output:

Reference:

• Official Microsoft Blog