Moving from alienvault ossim to Wazuh


Bret Bogard

Apr 5, 2021, 12:08:12 PM
to Wazuh mailing list
As the title says, we are moving from AlienVault OSSIM to Wazuh. I have run into a stumbling block though. We installed the OSSEC-Agent with AlienVault on around 100 domain machines.
Now when I try to install Wazuh, it installs, but doesn't launch, due to the OSSEC-agent from AlienVault.
Has anyone run into this and come across an easy solution, other than removing the ossec-agent individually from each machine it's on, then installing the Wazuh agent?



Jesus Linares

Apr 6, 2021, 12:21:59 PM
to Wazuh mailing list
Hi Bret,

The first step for this migration is installing the Wazuh manager. Then, you don't really need to update the OSSEC agents since Wazuh is compatible with OSSEC agents. Of course, there are some capabilities that will not be available for them. So, just export your current client.keys to the new manager, point the agents to this new manager and restart them.

> Now when I try to install Wazuh, it installs, but doesn't launch, due to the OSSEC-agent from AlienVault.
Ideally, you should update the OSSEC agents to Wazuh in order to use all the new features. I understand that you are executing the package (rpm/deb) and it throws an error. What exactly is the error? What OSSEC version are you running and on what OS?

I hope it helps.
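
An added example, not part of the thread and not Wazuh's or OSSEC's own tooling: a pre-import check of an exported client.keys file before it is placed on the new manager, as the reply above suggests. It assumes the usual one-agent-per-line layout `ID NAME IP KEY`; the function name, sample agent names and key strings are constructed placeholders.

```python
from collections import Counter

# Constructed sample; real keys are long random strings, these are placeholders.
SAMPLE_CLIENT_KEYS = """\
001 ws-finance-01 any 1111aaaa2222bbbb3333cccc4444dddd
002 ws-finance-02 10.0.0.12 5555eeee6666ffff7777aaaa8888bbbb
002 ws-hr-01 any 9999cccc0000dddd1111eeee2222ffff
003 ws-hr-02 any
004 ws-finance-01 any aaaa1111bbbb2222cccc3333dddd4444
"""


def check_client_keys(text):
    """Return (entries, problems) for the contents of a client.keys file.

    Assumes one agent per line in the form: ID NAME IP KEY.
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            problems.append((lineno, "expected 4 fields, got %d" % len(fields)))
            continue
        agent_id, name, ip, key = fields
        if not agent_id.isdigit():
            problems.append((lineno, "non-numeric agent ID %r" % agent_id))
            continue
        entries.append({"line": lineno, "id": agent_id, "name": name, "ip": ip, "key": key})

    # A repeated ID or name is flagged for review before the file is imported.
    for field in ("id", "name"):
        counts = Counter(e[field] for e in entries)
        for e in entries:
            if counts[e[field]] > 1:
                problems.append((e["line"], "duplicate %s %r" % (field, e[field])))
    return entries, sorted(problems)


if __name__ == "__main__":
    entries, problems = check_client_keys(SAMPLE_CLIENT_KEYS)
    print("%d well-formed entries" % len(entries))
    for lineno, msg in problems:
        print("line %d: %s" % (lineno, msg))
```

Because the file holds every agent's pre-shared key, run the check on the manager itself and keep the exported copy readable only by the account that performs the import.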

Jesus Linares

Apr 7, 2021, 4:16:32 AM
to Wazuh mailing list
Hi Bret,

I forgot to send you the guide to migrate from OSSEC to Wazuh. Please, take a look at it: https://documentation.wazuh.com/current/migrating-from-ossec/index.html#how-to-move-to-wazuh.

Regards.

Bret Bogard

Apr 7, 2021, 2:30:13 PM
to Wazuh mailing list
I attempted to upgrade, but ended up with issues. Started a new server and went that route.
Appreciate the assistance.

Was wondering why there is an OVA for testing only, but no OVA for production; it says to not use the OVA for production. Is there a difference in the platform other than storage and RAM etc.?

Jesus Linares

Apr 8, 2021, 3:19:07 AM
to Wazuh mailing list
Hi Bret,

> I attempted to upgrade, but ended up with issues. Started a new server and went that route.
> Appreciate the assistance.

Great! Let us know if you need help with the migration.

> Was wondering why there is an OVA for testing only, but no OVA for production; it says to not use the OVA for production. Is there a difference in the platform other than storage and RAM etc.?
Well, the OVA was designed to do a quick test of Wazuh. It is not recommended for production because you should design your own architecture in order to suit your production environment.
Of course, for small environments, it could be enough to have the Wazuh manager, the indexer (Elasticsearch), and the WUI (Kibana) on the same server. If you go with the OVA, please, remember to change the default credentials.

I hope it helps.

Bret Bogard

Apr 8, 2021, 10:05:47 AM
to Wazuh mailing list
Indeed.
Currently testing the OVA, but is there an upgrade path from OVA, or do you have to build a new server?

Franco Charriol

Apr 9, 2021, 10:46:40 AM
to Wazuh mailing list
Hi Bret,
If you mean to upgrade the Wazuh version from a previous OVA installation, you could follow this guide as with any other installation. You'll be able to upgrade your components from the VM.
If this is not the case, please let me know.

Best