Upgrading the Wazuh server from 1.x to 2.x
Follow these steps to upgrade the Wazuh server from 1.x to 2.x.
Stop the processes:
# /var/ossec/bin/ossec-control stop
# systemctl stop wazuh-api
On a multitier server, remove logstash-forwarder, as it has been replaced by Filebeat:
# yum remove logstash-forwarder
# apt-get remove logstash-forwarder
Install the Wazuh server:
The current installation can be upgraded by following the installation guide for the specific operating system.
Once the package is installed, review the /var/ossec/etc/ossec.conf configuration file since it will be overwritten. The previous version can be found at the ossec.conf.rpmorig file or the ossec.conf.deborig file. It is recommended to compare the new file with its old version and import previous settings where needed.
A backup of the custom rules and decoders will be saved at /var/ossec/etc/backup_ruleset. The custom ruleset has to be reapplied. It is recommended to use the /var/ossec/etc/decoders folder and the /var/ossec/etc/rules folder for custom rules and decoders as these directories will not be overwritten by future upgrades.
Execute the following command to verify the Wazuh server's version:
# /var/ossec/bin/manage_agents -V
Wazuh v2.0 - Wazuh Inc.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the Free Software Foundation.
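For the configuration review step above, the following added example (not part of the Wazuh documentation or project code) lists the lines that exist only in the pre-upgrade ossec.conf, so that custom settings such as extra syscheck directories are not silently lost. It assumes the .rpmorig or .deborig backup sits in the same directory as ossec.conf; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Wazuh project code.
# Assumption: the package manager leaves the backup beside ossec.conf.

# Print the path of the pre-upgrade config backup found in directory $1.
find_prev_conf() {
    for suffix in rpmorig deborig; do
        if [ -f "$1/ossec.conf.$suffix" ]; then
            printf '%s\n' "$1/ossec.conf.$suffix"
            return 0
        fi
    done
    return 1
}

# Print lines present only in the old config: candidates to re-import.
# diff -b ignores changes in the amount of whitespace.
dropped_settings() {
    prev=$(find_prev_conf "$1") || {
        echo "no ossec.conf backup found in $1" >&2
        return 2
    }
    # diff exits 1 when the files differ; only exit status 2 is an error.
    { diff -b "$prev" "$1/ossec.conf" || [ $? -eq 1 ]; } | sed -n 's/^< //p'
}

# Constructed sample: the old config monitors a custom directory that the
# freshly installed default config does not.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '<ossec_config>' '  <syscheck>' \
        '    <directories>/etc</directories>' \
        '    <directories>/opt/app/conf</directories>' \
        '  </syscheck>' '</ossec_config>' > "$d/ossec.conf.rpmorig"
    printf '%s\n' '<ossec_config>' '  <syscheck>' \
        '    <directories>/etc</directories>' \
        '  </syscheck>' '</ossec_config>' > "$d/ossec.conf"
    dropped_settings "$d"
    rm -rf "$d"
}

# On a real server: dropped_settings /var/ossec/etc
```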