You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
FWIW: I (@rondy) am not the creator of the content shared here, which is an excerpt from Edmond Lau's book. I simply copied and pasted it from another location and saved it as a personal note, before it gained popularity on news.ycombinator.com. Unfortunately, I cannot recall the exact origin of the original source, nor was I able to find the author's name, so I am can't provide the appropriate credits.
| /** | |
| * Retrieves all the rows in the active spreadsheet that contain data and logs the | |
| * values for each row. | |
| * For more information on using the Spreadsheet API, see | |
| * https://developers.google.com/apps-script/service_spreadsheet | |
| */ | |
| function readRows() { | |
| var sheet = SpreadsheetApp.getActiveSheet(); | |
| var rows = sheet.getDataRange(); | |
| var numRows = rows.getNumRows(); |