...

Each admin must evaluate for itself whether their installation setup may have unintentionally leaked PII and decide whether and how users should be informed.

4. Exploitation detection

A set of processes have been documented for identifying potential cases of attempted exploitation; these are based on identifying existing log4j usage and scanning logs for variations of the "${jndi:ldap:" string.

 https://www.trustedsec.com/blog/log4j-playbook/#_Exploitation_Detection  

https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b