Need to change IP and Name of Wazuh server

[Tom Powers]

Hello all,

Were running on Ubuntu 20.04 lts with the Elastic Basic Licenses for all in one Wazuh 4.2.X

We need to change the IP address of the server and the name.

The IP and Name change in Ubuntu is easy, but what will have to be done to the Elastic/Filebeat/Wazuh configs to make this change?

Will we need to reissue the SSL certs that we originally made here:

https://documentation.wazuh.com/current/deployment-options/elastic-stack/all-in-one-deployment/index.html

We already have the script to change out the client side.

All insight is appreciated

Thanks

TP

[Maximiliano Ibarra]

Hi Tomas.
First of all, thanks for contacting us.

Yes, when you change your server IP, only need to change it on your agent config and on your wazuh.yml (wazuh plugin).

1. Edit your agents /var/ossec/etc/ossec.conf, adding your new ip and manager name.
   <client>
         <server>
           <address>MANAGER_IP</address>
         </server>
    </client>
   Related doc: https://documentation.wazuh.com/current/user-manual/agent-enrollment/via-agent-configuration/linux-endpoint.html
2. Edit your wazuh.yml. This is for telling the UI which is the API IP o URL. 
   hosts:
       - <id>:
           url: http(s)://<your new IP or url>
           port: <port>
           username: <username>
           password: <password>

         Related doc: https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/config-file.html#basic-options

Also, I have a question for you. Can you tell me if your Elasticsearch IP has changed?  If your elasticsearch IP changes, you will need to edit de kibana.yml and write the correct elasticsearch IP.
I hope this helps you.
Best regards

[Tom Powers]

Yes... the server is an all in one so the elasticsearch will have it's IP changed as well.

Since the machine name and IP will be changing, do I need to reissue the certificates that were created when I first built the system or will those still work?

Thanks

TP