Upgrading Wazuh server¶
Follow next steps in order to update your
Wazuh v1.x server to
- First of all, stop running processes:
$ /var/ossec/bin/ossec-control stop $ systemctl stop wazuh-api
- Only if you have a distributed architecture, remove logstash-forwarder (it’s been replaced by Filebeat):
Deb systems:$ apt-get remove logstash-forwarder
RPM systems:$ yum remove logstash-forwarder
- Install Wazuh server:
You could upgrade your current installation by following our installation guide.
Once the package is installed, review your
/var/ossec/etc/ossec.conffile, as it will be overwritten. The one that was previously in use has been saved as
ossec.conf.deborig. It is recommended to compare the new file with the old one and import old settings when needed.
A backup of your custom rules and decoders will be saved at
/var/ossec/etc/backup_ruleset. You need to reapply them again, we recommend use
/var/ossec/etc/rulesfor custom rules and decoders, these directories won’t be overwritten by future upgrades.
/var/ossec/bin/manage_agents -Vto confirm that now you are running
$ /var/ossec/bin/manage_agents -V Wazuh v2.0 - Wazuh Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the Free Software Foundation.