Migrating from OSSEC¶
This document describes how to migrate your existing OSSEC installation (agent or manager) to Wazuh. For interactive help, our email forum is available. You can subscribe by sending an email to
The migration of Elastic stack, in the case that you already have it installed, is beyond the scope of Wazuh documentation. We recommend you visit our guides for Installing Elastic Stack.
Follow the appropriate section depending on the type of your OSSEC installation:
|Upgrade from||Type||Installation type||Upgrade to||Guide|
|OSSEC 2.8.3+||Manager||Packages||Wazuh 2.0||Migrating OSSEC manager installed from packages|
|OSSEC 2.8.3+||Manager||Sources||Wazuh 2.0||Install Wazuh server with RPM packages|
|Install Wazuh server with Deb packages|
|OSSEC 2.8.3+||Agent||Packages||Wazuh 2.0||Migrating OSSEC agent installed from packages|
|OSSEC 2.8.3+||Agent||Sources||Wazuh 2.0||Install Wazuh agent with RPM packages|
|Install Wazuh agent with Deb packages|
For cases where OSSEC was installed from sources, the configuration file
/var/ossec/etc/ossec.conf will be overwritten. The old configuration file from the current installation is saved as
ossec.conf.deborig. You should compare the new file with the old one. Also, a backup of your previous ruleset will be saved at
/var/ossec/etc/backup_ruleset. All the rules/decoders in files other than
local_decoder.xml will be overwritten.