Upgrading Wazuh server
Follow these steps to update your Wazuh v1.x server to Wazuh v2.x.
First, stop the processes:
# /var/ossec/bin/ossec-control stop
# systemctl stop wazuh-api
If you have a distributed architecture, remove logstash-forwarder as it has been replaced by Filebeat:
Deb systems:
# apt-get remove logstash-forwarder
RPM systems:
# yum remove logstash-forwarder
Install the Wazuh server:
You can upgrade your current installation by following the below installation guide for your specific operating system:
Once the package is installed, review your /var/ossec/etc/ossec.conf file because your previous version will have been overwritten. The previous version has been saved as ossec.conf.rpmorig or ossec.conf.deborig. It is recommended that you compare the new file with the old one and import old settings where needed.
A backup of your custom rules and decoders will also be saved at /var/ossec/etc/backup_ruleset. You will need to reapply them. We recommend that you use /var/ossec/etc/decoders and /var/ossec/etc/rules for custom rules and decoders going forward as these directories will not be overwritten by future upgrades.
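The review described above can be scripted; the following is an added example, not part of the Wazuh documentation. It lists lines from the saved ossec.conf.rpmorig or ossec.conf.deborig that are missing from the new ossec.conf, and backed-up rule or decoder files not yet present in etc/rules or etc/decoders. The function names are hypothetical, and the layout under backup_ruleset is treated as unknown, so files are matched by name only.

```shell
#!/bin/sh
# Added example: post-upgrade review helper. The directory argument is
# /var/ossec/etc on a real server; it is a parameter so a copy can be checked.

find_saved_conf() {
    # Print the pre-upgrade config the package saved (.rpmorig or .deborig).
    for suffix in rpmorig deborig; do
        if [ -f "$1/ossec.conf.$suffix" ]; then
            printf '%s\n' "$1/ossec.conf.$suffix"
            return 0
        fi
    done
    return 1
}

normalize() {
    # Trim whitespace, drop blank lines, sort: makes the line-level comparison
    # insensitive to indentation and ordering.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" | LC_ALL=C sort -u
}

dropped_settings() {
    # Lines present in the saved config but absent from the new ossec.conf.
    saved=$(find_saved_conf "$1") || { echo "no saved ossec.conf in $1" >&2; return 2; }
    old=$(mktemp) && new=$(mktemp) || return 1
    normalize "$saved" > "$old"
    normalize "$1/ossec.conf" > "$new"
    LC_ALL=C comm -23 "$old" "$new"
    rm -f "$old" "$new"
}

pending_ruleset_files() {
    # Backed-up files whose name is not yet in etc/rules or etc/decoders.
    # Assumption: the layout under backup_ruleset is unknown, so walk it all
    # and match by file name only (contents are not compared).
    [ -d "$1/backup_ruleset" ] || return 0
    find "$1/backup_ruleset" -type f | LC_ALL=C sort | while IFS= read -r f; do
        name=$(basename "$f")
        if [ ! -e "$1/rules/$name" ] && [ ! -e "$1/decoders/$name" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage: sh upgrade_review.sh /var/ossec/etc
if [ "$#" -ge 1 ]; then
    echo "== settings to re-check =="; dropped_settings "$1"
    echo "== rules/decoders to reapply =="; pending_ruleset_files "$1"
fi
```

The comparison is line-based, so a setting whose value changed appears as a dropped line; confirm each hit against the new ossec.conf before importing it.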
Run /var/ossec/bin/manage_agents -V to confirm that you are now running Wazuh v2.x:
# /var/ossec/bin/manage_agents -V
Wazuh v2.0 - Wazuh Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License (version 2) as
published by the Free Software Foundation.