update from source to 4.10
88 views
Skip to first unread message
ΣЯMЦЯΣПZ
Jan 17, 2025, 1:15:41 AM1/17/25
to Wazuh | Mailing List
Hi everyone, I have a question.
Does the new wazuh 4.10.0 version have GEOIP support enabled by default?
I ask because for version 4.9.2 it is necessary to install from sources with the option USE_GEOIP=yes
I recently installed version 4.9.2 in this way.
Instead, I installed the dashboard and indexer components from apt.
So far so good.
I may not have searched well in the documentation but I can't find the upgrade procedure in the case of a manager installation performed in this way.
I would like to avoid having to reinstall everything from scratch.
Any help is welcome.
Thanks in advance.
Emanuele
Does the new wazuh 4.10.0 version have GEOIP support enabled by default?
I ask because for version 4.9.2 it is necessary to install from sources with the option USE_GEOIP=yes
I recently installed version 4.9.2 in this way.
Instead, I installed the dashboard and indexer components from apt.
So far so good.
I may not have searched well in the documentation but I can't find the upgrade procedure in the case of a manager installation performed in this way.
I would like to avoid having to reinstall everything from scratch.
Any help is welcome.
Thanks in advance.
Emanuele
hasitha.u...@wazuh.com
Jan 17, 2025, 1:54:15 AM1/17/25
to Wazuh | Mailing List
Hi ΣЯMЦЯΣПZ,
Currently, you need to follow the same process to enable GEOIP details, Actually, this will be available on Wazuh 5.0 as mentioned earlier in this issue.
https://github.com/wazuh/wazuh/issues/21833
You can find the available release notes of Wazuh 4.10.
https://wazuh.com/blog/introducing-wazuh-4-10-0/
https://documentation.wazuh.com/current/release-notes/release-4-10-0.html
You need to compiled the Wazuh manager with USE_GEOIP=yes flag.
It also requires a GeoIP database: We support the legacy Maxmind GeoLite format, and the updated and maintained databases use the new GeoLite2 format. It should be converted to the legacy format using an external tool.
It requires additional configuration sections on internal_options.conf and ossec.conf file.
It allows using custom Wazuh rules that use GeoIP lookup results as part of the rule criteria.
You can read the setting details here.
https://github.com/wazuh/wazuh/issues/4053
Let me know if this helps.
Regards,
Hasitha Upekshitha
Currently, you need to follow the same process to enable GEOIP details, Actually, this will be available on Wazuh 5.0 as mentioned earlier in this issue.
https://github.com/wazuh/wazuh/issues/21833
You can find the available release notes of Wazuh 4.10.
https://wazuh.com/blog/introducing-wazuh-4-10-0/
https://documentation.wazuh.com/current/release-notes/release-4-10-0.html
You need to compiled the Wazuh manager with USE_GEOIP=yes flag.
It also requires a GeoIP database: We support the legacy Maxmind GeoLite format, and the updated and maintained databases use the new GeoLite2 format. It should be converted to the legacy format using an external tool.
It requires additional configuration sections on internal_options.conf and ossec.conf file.
It allows using custom Wazuh rules that use GeoIP lookup results as part of the rule criteria.
You can read the setting details here.
https://github.com/wazuh/wazuh/issues/4053
Let me know if this helps.
Regards,
Hasitha Upekshitha
ΣЯMЦЯΣПZ
Jan 17, 2025, 3:54:55 AM1/17/25
to Wazuh | Mailing List
hi
Hasitha
,
thank you for the usefull information.
in the end I found the correct way: as you also suggested, it was necessary to perform the same procedure again,
with the difference this time that , when I launched install.sh , it itself verified the presence of a previous installation and prompted me
with "there is a previous version, do you want to upgrade it?
In short, I was able to update to version 4.10 without problems.
A thousand thanks
thank you for the usefull information.
in the end I found the correct way: as you also suggested, it was necessary to perform the same procedure again,
with the difference this time that , when I launched install.sh , it itself verified the presence of a previous installation and prompted me
with "there is a previous version, do you want to upgrade it?
In short, I was able to update to version 4.10 without problems.
A thousand thanks
hasitha.u...@wazuh.com
Jan 17, 2025, 4:13:23 AM1/17/25
to Wazuh | Mailing List
Hi ΣЯMЦЯΣПZ,
You're very welcome!
I'm glad to hear your issue was resolved!
If you run into any other challenges or need assistance in the future, feel free to reach out.
Regards,
Hasitha Upekshitha
You're very welcome!
I'm glad to hear your issue was resolved!
If you run into any other challenges or need assistance in the future, feel free to reach out.
Regards,
Hasitha Upekshitha
Reply all
Reply to author
Forward
0 new messages