Upgrading Wazuh server¶
Follow these steps to update your
Wazuh v1.x server to
- First, stop the processes:
# /var/ossec/bin/ossec-control stop # systemctl stop wazuh-api
- If you have a distributed architecture, remove logstash-forwarder as it has been replaced by Filebeat:
Deb systems:# apt-get remove logstash-forwarder
RPM systems:# yum remove logstash-forwarder
- Install the Wazuh server:
You can upgrade your current installation by following the below installation guide for your specific operating system:
Once the package is installed, review your
/var/ossec/etc/ossec.conffile because your previous version will have been overwritten. The previous version has been saved as
ossec.conf.deborig. It is recommended that you compare the new file with the old one and import old settings where needed.
A backup of your custom rules and decoders will also be saved at
/var/ossec/etc/backup_ruleset. You will need to reapply them. We recommend that you use
/var/ossec/etc/rulesfor custom rules and decoders going forward as these directories will not be overwritten by future upgrades.
/var/ossec/bin/manage_agents -Vto confirm that you are now running
# /var/ossec/bin/manage_agents -V Wazuh v2.0 - Wazuh Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the Free Software Foundation.