Follow these steps to update the Wazuh server 1.x to the Wazuh server 2.x.
Stop the processes:
# /var/ossec/bin/ossec-control stop # systemctl stop wazuh-api
In case of having a multitier server, remove logstash-forwarder as it has been replaced by Filebeat:
Install the Wazuh server:
The current installation can be upgraded by following the installation guide for the specific operating system.
Once the package is installed, review the
/var/ossec/etc/ossec.confconfiguration file since it will be overwritten. The previous version can be found at the
ossec.conf.rpmorigfile or the
ossec.conf.deborigfile. It is recommended to compare the new file with its old version and import previous settings where needed.
A backup of the custom rules and decoders will be saved at
/var/ossec/etc/backup_ruleset. The custom ruleset has to be reapplied. It is recommended to use the
/var/ossec/etc/decodersfolder and the
/var/ossec/etc/rulesfolder for custom rules and decoders as these directories will not be overwritten by future upgrades.
Execute the following command to verify the Wazuh server's version:
# /var/ossec/bin/manage_agents -V
Wazuh v2.0 - Wazuh Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the Free Software Foundation.