On Wed, Jun 27, 2012 at 2:33 AM, Glenn Roberts <[email protected]> wrote: > Hello, > > My client wants to migrate the ossec manager server from a CentOS box to a > different CentOS box on a different network. Is there an easy way to do > this? I’ve setup ossec several times but am weary of migrating due to > needing to re-authenticate all the agents and any other caveats I may not > know of lol. Any suggestions, advice, previous experiences would be > appreciated!!
Stop all of the OSSEC processes (agents and server). Install OSSEC on the new server. Copy configuration files, including client.keys, to the new server. Copy the rids files over (/var/ossec/queue/rids I think) to the new server. On the agents you'll have to change the server-ip setting if the server's IP changed (also check for this in the new server's ossec.conf). If it hasn't changed, I don't think you'll have to do anything. Start the OSSEC processes on the server. Then start the OSSEC processes on the agents. Cross your fingers. ;) Make sure you backup everything you want to keep. This process "should" work, but can't be guaranteed.
