Dan,

Thanks for the breakdown and quick response. The server IP will definitely change - since they're using centralized config all I'd need to do on the agents is replace the <server> element in the agent's local ossec.conf right? (for ease of migration I'm thinking I'll just create a new ossec.conf containing the correct server IP and then drop it onto all of the agents).

Also, is it absolutely necessary to kill all of the processes on the agents before the switch and then restart them after the switch? I think they have 50 or 60 Windows boxes and I'm trying to streamline if at all possible. Would it be ok to just drop the ossec.conf file on the agents then after the new server is up, restart the agent services? (theoretically this would make them load the new ossec.conf and would save some time...)

Your continued response is sincerely appreciated!





-----Original Message----- From: dan (ddp)
Sent: Wednesday, June 27, 2012 6:32 AM
To: [email protected]
Subject: Re: [ossec-list] migrating ossec server - work involved?

On Wed, Jun 27, 2012 at 2:33 AM, Glenn Roberts <[email protected]> wrote:
> Hello,
>
> My client wants to migrate the ossec manager server from a CentOS box to a
> different CentOS box on a different network. Is there an easy way to do
> this? I’ve set up ossec several times but am wary of migrating due to
> needing to re-authenticate all the agents and any other caveats I may not
> know of lol. Any suggestions, advice, previous experiences would be
> appreciated!!

Stop all of the OSSEC processes (agents and server). Install OSSEC on
the new server. Copy configuration files, including client.keys, to
the new server. Copy the rids files over (/var/ossec/queue/rids I
think) to the new server.

On the agents you'll have to change the server-ip setting if the
server's IP changed (also check for this in the new server's
ossec.conf). If it hasn't changed, I don't think you'll have to do
anything.

Start the OSSEC processes on the server. Then start the OSSEC
processes on the agents. Cross your fingers. ;)

Make sure you back up everything you want to keep. This process
"should" work, but can't be guaranteed.
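
The copy and server-ip steps discussed in this thread, as an added example that is not part of the original messages and is not OSSEC project code. The function names are hypothetical, and it assumes ossec.conf and client.keys live under etc/ in the install root and that the agent config has a single <server-ip> element.

```shell
#!/bin/sh
# Added example: helpers for the manager migration described in the thread.

# Archive the manager state the thread says to copy: configuration,
# client.keys (the agent authentication keys) and the rids counters.
# umask 077 keeps the archive readable by its owner only, because
# client.keys is a secret; extract with "tar -xpf" to keep file modes.
stage_manager_state() {
    root=$1
    out=$2
    for f in etc/ossec.conf etc/client.keys queue/rids; do
        [ -e "$root/$f" ] || { echo "missing: $root/$f" >&2; return 1; }
    done
    ( umask 077 && tar -cf "$out" -C "$root" \
        etc/ossec.conf etc/client.keys queue/rids )
}

# Point an agent's ossec.conf at the new manager. Keeps a .bak copy and
# refuses to touch the file unless it has exactly one <server-ip> element.
set_server_ip() {
    conf=$1
    new_ip=$2
    # Accept only digits and dots so the value cannot break the sed
    # expression or the XML (a character filter, not full validation).
    case $new_ip in
        *[!0-9.]*|'') echo "unexpected address: $new_ip" >&2; return 1 ;;
    esac
    n=$(grep -c '<server-ip>[^<]*</server-ip>' "$conf") || true
    [ "$n" = 1 ] || { echo "expected one <server-ip>, found ${n:-0}" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    sed "s|<server-ip>[^<]*</server-ip>|<server-ip>$new_ip</server-ip>|" \
        "$conf.bak" > "$conf"
}
```

Run stage_manager_state on the old manager after its processes are stopped, and move the archive over an encrypted channel, since anyone holding client.keys can impersonate an agent.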
