Upgrading Wazuh server
Follow next steps in order to update your Wazuh v1.x
server to Wazuh v2.x
.
First of all, stop running processes:
$ /var/ossec/bin/ossec-control stop $ systemctl stop wazuh-api
Only if you have a distributed architecture, remove logstash-forwarder (it's been replaced by Filebeat):
Deb systems:
$ apt-get remove logstash-forwarderRPM systems:
$ yum remove logstash-forwarder
Install Wazuh server:
You could upgrade your current installation by following our installation guide.
Once the package is installed, review your
/var/ossec/etc/ossec.conf
file, as it will be overwritten. The one that was previously in use has been saved asossec.conf.rpmorig
orossec.conf.deborig
. It is recommended to compare the new file with the old one and import old settings when needed.A backup of your custom rules and decoders will be saved at
/var/ossec/etc/backup_ruleset
. You need to reapply them again, we recommend use/var/ossec/etc/decoders
and/var/ossec/etc/rules
for custom rules and decoders, these directories won't be overwritten by future upgrades.
Run
/var/ossec/bin/manage_agents -V
to confirm that now you are runningWazuh v2.x
:
$ /var/ossec/bin/manage_agents -V
Wazuh v2.0 - Wazuh Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License (version 2) as
published by the Free Software Foundation.