I spoke to our Customer Success Manager just now and they have provided me the following information, this doesn't seem to be posted anywhere but this came directly from our CSM and provides a little more information. Hope this helps!
LogicMonitor has evaluated our exposure to the Log4Shell vulnerability and determined that the LM SaaS platform is not affected. We are aware that some versions of the LM Collector include a defective version of log4j, but its architecture has been purposely designed to mitigate such vulnerabilities.
However, out of an abundance of caution, we have developed a mitigation to the Log4Shell exposure and automatically deployed the fix to all Collectors. Instead of updating the Collector software itself, we were able to address the issue by updating the Collector configuration files.
On Dec 11th, all Collectors automatically updated their configuration files to include a directive -Dlog4j2.formatMsgNoLookups=true which neutralizes the Log4Shell attack vector. Because Collectors restart themselves on a 24-hour cadence, the updated configuration will have been applied to each Collector by Dec 12th.
If you want to verify with positive confirmation, you can check your Collectors’ wrapper.conf, watchdog.conf, and websites.conf/services.conf files for the above configuration directive. Also, each Collector that has been updated will include a line in its event log indicating Watchdog restarted by AddLog4jPropertyForWatchdog health check script.
