
Request: Upgrade Guide from 2.x to 3.x

Open nitrocode opened this issue 6 years ago • 4 comments

Hello. We currently run 2.9.4 and run into the 1000 dead agents issue and would like to upgrade to the latest version to take advantage of the -F switch to "Remove agents with duplicated IP if disconnected since seconds." (https://github.com/wazuh/wazuh/issues/125)

  1. How would it be possible to upgrade with zero downtime? We're on CentOS 7.x.
  2. Could we just download the tar.gz file, compile it, backup the current server, and then run the new server?
  3. Do we then need to upgrade each agent or does the server take care of that?
  4. Anything else that may be valuable that we may be forgetting about?

Thank you.

nitrocode Feb 01 '19 18:02

I find that exporting to syslog CEF stops working after going to 3.2. The way it is configured is different, but I have not been able to figure out what I need to change. An upgrade guide will be valuable.

danie-dejager Feb 07 '19 10:02

@nitrocode

  1. There will be downtime when you restart the OSSEC processes on the OSSEC server. Unless, I guess, if you create a new OSSEC server and copy the agents over. Then update each agent to the new version and new server.
  2. That's generally how the upgrades go if you install from source.
  3. You need to update the agents.

ddpbsd Feb 07 '19 11:02

@dangarthwaite I'll see if I have a 3.1 host or 2 left and try to write an upgrade guide.

ddpbsd Feb 07 '19 11:02

@ddpbsd Any updates on being able to get an upgrade guide from 2.x to 3.x?

spiderfiend Jul 17 '20 21:07