Uninstalling Wazuh with Elastic Stack
This document includes instructions to uninstall the Wazuh components.
Uninstall the Wazuh manager
Remove the Wazuh manager installation.
# yum remove wazuh-managerThere are files marked as configuration files. Due to this designation, the package manager does not remove those files from the filesystem. The complete file removal action is on user's responsibility. It can be done by removing the folder
/var/ossec.# apt-get remove wazuh-managerThere are certain files marked as configuration files. Due to this designation, the package manager does not remove those files from the filesystem. A complete file removal can be done using the following command:
# apt-get remove --purge wazuh-manager# zypper remove wazuh-managerThere are files marked as configuration files. Due to this designation, the package manager does not remove those files from the filesystem. The complete file removal action is on user's responsibility. It can be done by removing the folder
/var/ossec.Disable the Wazuh manager service.
# systemctl disable wazuh-manager # systemctl daemon-reload
Choose one option according to your operating system.
RPM-based operating systems:
# chkconfig wazuh-manager off # chkconfig --del wazuh-manager
Debian-based operating systems:
# update-rc.d -f wazuh-manager remove
Uninstall Filebeat
# yum remove filebeat
# apt-get remove filebeat
The Filebeat complete file removal can be accomplished with the following command:
# apt-get remove --purge filebeat
# apt-get remove filebeat
The Filebeat complete file removal can be accomplished with the following command:
# apt-get remove --purge filebeat
Uninstall Elasticsearch
# yum remove elasticsearch
There are files marked as configuration and data files. Due to this designation, the package manager does not remove those files from the filesystem. The complete file removal action is on user's responsibility. It can be done by removing the folder /var/lib/elasticsearch and /etc/elasticsearch.
# apt-get remove elasticsearch
There are files marked as configuration and data files. Due to this designation, the package manager does not remove those files from the filesystem. A complete file removal can be done using the following command:
# apt-get remove --purge elasticsearch
# zypper remove elasticsearch
There are files marked as configuration and data files. Due to this designation, the package manager does not remove those files from the filesystem. The complete file removal action is on user's responsibility. It can be done by removing the folder /var/lib/elasticsearch and /etc/elasticsearch.
Uninstall Kibana
# yum remove kibana
There are files marked as configuration and data files. Due to this designation, the package manager does not remove those files from the filesystem. The complete file removal action is on user's responsibility. It can be done by removing the folder /var/lib/kibana and /etc/kibana.
# apt-get remove kibana
There are files marked as configuration and data files. Due to this designation, the package manager does not remove those files from the filesystem. A complete file removal can be done using the following command:
# apt-get remove --purge kibana
# zypper remove kibana
There are files marked as configuration and data files. Due to this designation, the package manager does not remove those files from the filesystem. The complete file removal action is on user's responsibility. It can be done by removing the folder /var/lib/kibana and /etc/kibana.