This is the documentation for Wazuh 3.12. Check out the docs for the latest version of Wazuh!

Registering the Wazuh agents using the command line (CLI)

This method consists of registering the Wazuh agent on the Wazuh manager using the manage_agents utility: the registration key is extracted from the Wazuh manager and inserted manually in the Wazuh agent.

Note

Root/Administrator user privileges are necessary to execute all the commands described below.

The Wazuh agent’s key extraction from the Wazuh manager

  1. On the CLI of the Wazuh manager’s host, add the Wazuh agent with the manage_agents utility, providing the new Wazuh agent’s name and IP address:

    # /var/ossec/bin/manage_agents -a <agent_IP> -n <agent_name>
    
  2. Find the ID of the Wazuh agent:

    # /var/ossec/bin/manage_agents -l | grep <agent_name>
    

    An example output of the command looks as follows:

    ID: 001, Name: agent_1, IP: any
    
  3. Extract the Wazuh agent’s registration key using the Wazuh agent’s ID:

    # /var/ossec/bin/manage_agents -e <agent_id>
    

    An example output of the command looks as follows:

    Agent key information for '001' is:
    MDAxIDE4NWVlNjE1Y2YzYiBhbnkgMGNmMDFiYTM3NmMxY2JjNjU0NDAwYmFhZDY1ZWU1YjcyMGI2NDY3ODhkNGQzMjM5ZTdlNGVmNzQzMGFjMDA4Nw==
    

    The key has to be imported to the Wazuh agent to enable communication with the Wazuh manager.
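
The registration key carries the agent's shared secret, so it should be handled as a credential and checked before it is imported. The following sketch is an added example, not part of the Wazuh documentation or code base: it decodes a key, shows only the non-secret fields, and refuses a key issued for a different agent. It assumes the key is the base64 encoding of `<id> <name> <ip> <secret>`; the helper name `check_agent_key` is hypothetical.

```shell
#!/bin/sh
# Added example, not Wazuh code. Assumption: the string printed by
# `manage_agents -e` is base64 of "<id> <name> <ip> <secret>".

# Sample key copied from the example output on this page
# (it decodes to ID 001, name 185ee615cf3b, IP any).
SAMPLE_KEY='MDAxIDE4NWVlNjE1Y2YzYiBhbnkgMGNmMDFiYTM3NmMxY2JjNjU0NDAwYmFhZDY1ZWU1YjcyMGI2NDY3ODhkNGQzMjM5ZTdlNGVmNzQzMGFjMDA4Nw=='

# check_agent_key <base64_key> <expected_id> <expected_name>  (hypothetical helper)
# Prints the non-secret fields and returns 0 only if the key is well formed
# and belongs to the expected agent. The secret itself is never printed.
check_agent_key() {
    key_b64=$1; want_id=$2; want_name=$3

    # Reject input that is not valid base64.
    decoded=$(printf '%s' "$key_b64" | base64 --decode 2>/dev/null) || {
        echo "error: key is not valid base64" >&2; return 1; }

    # Split the first decoded line into fields; exactly four are expected.
    read -r id name ip secret extra <<EOF
$decoded
EOF
    if [ -z "$secret" ] || [ -n "$extra" ]; then
        echo "error: expected 4 fields (id name ip secret)" >&2; return 1
    fi

    # The agent ID must be numeric.
    case $id in
        ''|*[!0-9]*) echo "error: non-numeric agent ID" >&2; return 1 ;;
    esac

    echo "id=$id name=$name ip=$ip secret=<${#secret} chars, hidden>"

    # Refuse a key that was issued for a different agent.
    if [ "$id" != "$want_id" ] || [ "$name" != "$want_name" ]; then
        echo "error: key is for '$id/$name', expected '$want_id/$want_name'" >&2
        return 1
    fi
}

# Usage on the agent host before running `manage_agents -i <key>`:
#   check_agent_key "$SAMPLE_KEY" 001 185ee615cf3b
```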

Key insertion to the Wazuh agent and enabling the communication with the Wazuh manager

Follow the steps that correspond to the Wazuh agent’s host operating system:

Linux/Unix host

Open a terminal on your Wazuh agent’s host as the root user.

  1. Import the registration key to the Wazuh agent using the manage_agents utility:

    # /var/ossec/bin/manage_agents -i <key>
    

    The output of the command should look as follows:

    Agent information:
        ID:001
        Name:agent_1
        IP Address:any
    
    Confirm adding it?(y/n): y
    Added.
    
  2. To enable communication with the Wazuh manager, edit the Wazuh agent’s configuration file located at /var/ossec/etc/ossec.conf.

    In the <client><server> section, MANAGER_IP has to be replaced with the Wazuh server’s IP address or the DNS name:

    <client>
      <server>
        <address>MANAGER_IP</address>
        ...
      </server>
    </client>
    
  3. Restart the Wazuh agent with the one command that matches the host’s init system (systemd, SysV init, or neither):

    # systemctl restart wazuh-agent
    # service wazuh-agent restart
    # /var/ossec/bin/ossec-control restart

Windows host

Open a PowerShell or CMD session on your Wazuh agent’s host as an Administrator.

The Wazuh agent’s installation directory depends on the architecture of the host:

  • C:\Program Files (x86)\ossec-agent for x86_64 hosts.
  • C:\Program Files\ossec-agent for x86 hosts.

Note

This guide assumes that the Wazuh agent is installed on an x86_64 host. The installation path will be: C:\Program Files (x86)\ossec-agent.

  1. Import the registration key to the Wazuh agent using the manage_agents utility. In PowerShell, prefix the quoted path with the call operator (&):

    # "C:\Program Files (x86)\ossec-agent\manage_agents" -i <key>
    

    The output of the command should look as follows:

    Agent information:
        ID:001
        Name:agent_1
        IP Address:any
    
    Confirm adding it?(y/n): y
    Added.
    
  2. To enable communication with the Wazuh manager, edit the Wazuh agent’s configuration file located at C:\Program Files (x86)\ossec-agent\ossec.conf.

    In the <client><server> section, MANAGER_IP has to be replaced with the Wazuh server’s IP address or the DNS name:

    <client>
      <server>
        <address>MANAGER_IP</address>
        ...
      </server>
    </client>
    
  3. Restart the Wazuh agent, using either the PowerShell cmdlet or the pair of net commands:

    # Restart-Service -Name wazuh

    # net stop wazuh
    # net start wazuh

macOS host

Open a terminal on your Wazuh agent’s host as the root user.

  1. Import the registration key to the Wazuh agent using the manage_agents utility:

    # /Library/Ossec/bin/manage_agents -i <key>
    

    The output of the command should look as follows:

    Agent information:
         ID:001
         Name:agent_1
         IP Address:any
    
    Confirm adding it?(y/n): y
    Added.
    
  2. To enable communication with the Wazuh manager, edit the Wazuh agent’s configuration file located at /Library/Ossec/etc/ossec.conf.

    In the <client><server> section, MANAGER_IP has to be replaced with the Wazuh server’s IP address or the DNS name:

    <client>
      <server>
        <address>MANAGER_IP</address>
        ...
      </server>
    </client>
    
  3. Restart the Wazuh agent:

    # /Library/Ossec/bin/ossec-control restart