This is the documentation for Wazuh 3.9. Check out the docs for the latest version of Wazuh!

Windows agents

To register the Windows Agent, you need to start a CMD or a Powershell as Administrator. The installation directory of the Wazuh agent in Windows host depends on the architecture of the host.

  • C:\Program Files (x86)\ossec-agent for x86_64 hosts.
  • C:\Program Files\ossec-agent for x64 hosts.

This guide suppose that the Wazuh agent is installed in a x86_64 host, so the installation path will be: C:\Program Files (x86)\ossec-agent.

After that, you can register the agent using agent-auth.exe:

  1. Copy the newly created certificate (.cert file) and its key (.key file) to the C:\Program Files (x86)\ossec-agent folder and run the agent-auth program. For example, if the manager’s IP address is 192.168.1.2:

    # cp sslagent.cert sslagent.key C:\Program Files (x86)\ossec-agent
    # C:\Program Files (x86)\ossec-agent\agent-auth.exe -m 192.168.1.2 -x C:\Program Files (x86)\ossec-agent\sslagent.cert -k C:\Program Files (x86)\ossec-agent\sslagent.key
    
  2. Edit the Wazuh agent configuration to add the Wazuh server IP address.

In the file C:\Program Files (x86)\ossec-agent\ossec.conf, in the <client><server> section, change the MANAGER_IP value to the Wazuh server address:

<client>
  <server>
    <address>MANAGER_IP</address>
    ...
  </server>
</client>
  1. Start the agent.

    1. Using Powershell with administrator access:

      # Restart-Service -Name wazuh
      
    2. Using Windows cmd with administrator access:

      # net stop wazuh
      # net start wazuh