Windows agents

To register the Windows Agent, you need to start a CMD or a Powershell as Administrator. The installation directory of the Wazuh agent in Windows host depends on the architecture of the host.

  • C:\Program Files (x86)\ossec-agent for x86_64 hosts.

  • C:\Program Files\ossec-agent for x64 hosts.

This guide suppose that the Wazuh agent is installed in a x86_64 host, so the installation path will be: C:\Program Files (x86)\ossec-agent.

After that, you can register the agent using agent-auth.exe:

  1. Copy the CA (.pem file) to the C:\Program Files (x86)\ossec-agent folder and run the agent-auth program:

# cp rootCA.pem C:\Program Files (x86)\ossec-agent
# C:\Program Files (x86)\ossec-agent\agent-auth.exe -m 192.168.1.2 -v C:\Program Files (x86)\ossec-agent\rootCA.pem
  1. Edit the Wazuh agent configuration to add the Wazuh server IP address.

In the file C:\Program Files (x86)\ossec-agent\ossec.conf, in the <client><server> section, change the MANAGER_IP value to the Wazuh server address:

<client>
  <server>
    <address>MANAGER_IP</address>
    ...
  </server>
</client>
  1. Start the agent.

    1. Using Powershell with administrator access:

      # Restart-Service -Name wazuh
      
    2. Using Windows cmd with administrator access:

      # net stop wazuh
      # net start wazuh