# Upgrading Wazuh Central Components Ensure you have added the Wazuh repository to every Wazuh indexer, server, and dashboard node before proceeding to perform the upgrade actions. Adding the necessary dependencies : ```bash apt-get install gnupg apt-transport-https ``` Adding the updated GPG keys for the next stable version & adding repositories : ```bash curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list apt-get update ``` we have installed all the dependencies and repos now we will start updating the central components one at a time. Stopping Filebeat & the Dashboard service to ensure smooth updates : ```bash systemctl stop filebeat systemctl stop wazuh-dashboard ``` *** ## Upgrading Wazuh Indexer The Wazuh indexer cluster remains operational throughout the upgrade. The rolling upgrade process allows nodes to be updated one at a time, ensuring continuous service availability and minimizing disruptions. The steps detailed in the following sections apply to both single-node and multi-node Wazuh indexer clusters. #### Preparing the Wazuh indexer cluster for Upgrade Perform the following steps on any of the Wazuh indexer nodes replacing ``, ``, and ``. 1. Disable shard replication to prevent shard replicas from being created while Wazuh indexer nodes are being taken offline for the upgrade. ```bash curl -X PUT "https://:9200/_cluster/settings" \ -u : -k -H "Content-Type: application/json" -d ' { "persistent": { "cluster.routing.allocation.enable": "primaries" } }' ``` The output should look like : ```bash { "acknowledged" : true, "persistent" : { "cluster" : { "routing" : { "allocation" : { "enable" : "primaries" } } } }, "transient" : {} } ``` 2. Perform a flush operation on the cluster to commit transaction log entries to the index. ```bash curl -X POST "https://:9200/_flush" -u : -k ``` The output should look like : ```bash { "_shards" : { "total" : 19, "successful" : 19, "failed" : 0 } } ``` Run the following command on the Wazuh manager node(s) if running a single-node Wazuh indexer cluster. ```bash systemctl stop wazuh-manager ``` #### Upgrading the Wazuh indexer nodes ```bash systemctl stop wazuh-indexer apt-get install wazuh-indexer systemctl daemon-reload systemctl enable wazuh-indexer systemctl start wazuh-indexer ``` #### Post-upgrade actions Perform the following steps on any of the Wazuh indexer nodes replacing ``, ``, and ``. Check that the newly upgraded Wazuh indexer nodes are in the cluster. ``` # curl -k -u : https://:9200/_cat/nodes?v ``` Re-enable shard allocation. ``` curl -X PUT "https://:9200/_cluster/settings" \ -u : -k -H "Content-Type: application/json" -d ' { "persistent": { "cluster.routing.allocation.enable": "all" } } ' ``` Output ``` { "acknowledged" : true, "persistent" : { "cluster" : { "routing" : { "allocation" : { "enable" : "all" } } } }, "transient" : {} } ``` Starting the wazuh manager again ```bash systemctl start wazuh-manager ``` *** ## Upgrading Wazuh Server ```bash apt-get install wazuh-manager ``` #### Configuring Filebeat : ```bash curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module ``` Download the alerts template: ``` curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.11.0/extensions/elasticsearch/7.x/wazuh-template.json chmod go+r /etc/filebeat/wazuh-template.json ``` Restarting Services : ```bash systemctl daemon-reload systemctl enable filebeat systemctl start filebeat ``` Upload the new Wazuh template and pipelines for Filebeat: ``` filebeat setup --pipelines filebeat setup --index-management -E output.logstash.enabled=false ``` *** ## Upgrading Wazuh Dashboard Backup the `/etc/wazuh-dashboard/opensearch_dashboards.yml` file to save your settings. For example, create a copy of the file using the following command: ```bash cp /etc/wazuh-dashboard/opensearch_dashboards.yml /etc/wazuh-dashboard/opensearch_dashboards.yml.old ``` Upgrade the Wazuh dashboard. {% code overflow="wrap" %} ```bash apt-get install wazuh-dashboard # Note When prompted, choose to replace the /etc/wazuh-dashboard/opensearch_dashboards.yml file with the updated version. ``` {% endcode %} Manually reapply any configuration changes to the `/etc/wazuh-dashboard/opensearch_dashboards.yml` file. Ensure that the values of `server.ssl.key` and `server.ssl.certificate` match the files located in `/etc/wazuh-dashboard/certs/`. Ensure the value of `uiSettings.overrides.defaultRoute` in the `/etc/wazuh-dashboard/opensearch_dashboards.yml` file is set to `/app/wz-home` Restart the Wazuh dashboard: ```bash systemctl daemon-reload systemctl enable wazuh-dashboard systemctl start wazuh-dashboard ``` You can now access the Wazuh dashboard via: `https:///app/wz-home`.
*** ## Updating Plugins : Note that the upgrade process doesn't update plugins installed manually. Outdated plugins might cause the upgrade to fail. 1. Run the following command on the Wazuh dashboard server to list installed plugins and identify those that require an update: ``` # sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin list ``` In the output, plugins that require an update will be labeled as "outdated". 2. Remove the outdated plugins and reinstall the latest version replacing `` with the name of the plugin: ``` # sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin remove # sudo -u wazuh-dashboard /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin install ``` *** ## Checking Updated versions ```bash apt list --installed wazuh-indexer apt list --installed wazuh-manager apt list --installed wazuh-dashboard ```