Windows agents

To register the Windows Agent, you need to start a CMD or a Powershell as Administrator. The installation directory of the Wazuh agent in Windows host depends on the architecture of the host.

  • C:\Program Files (x86)\ossec-agent for x86_64 hosts.

  • C:\Program Files\ossec-agent for x64 hosts.

This guide suppose that the Wazuh agent is installed in a x86_64 host, so the installation path will be: C:\Program Files (x86)\ossec-agent.

After that, you can register the agent using agent-auth.exe.

  1. On the agent, run the agent-auth.exe program, using the manager's IP address.

# C:\Program Files (x86)\ossec-agent\agent-auth.exe -m <MANAGER_IP_ADDRESS>
  1. Edit the Wazuh agent configuration to add the Wazuh server IP address.

In the file C:\Program Files (x86)\ossec-agent\ossec.conf, in the <client><server> section, change the MANAGER_IP value to the Wazuh server address:

<client>
  <server>
    <address>MANAGER_IP</address>
    ...
  </server>
</client>
  1. Start the agent.

    1. Using Powershell with administrator access:

      # Start-Service -Name wazuh
      
    2. Using Windows cmd with administrator access:

      # net stop wazuh
      # net start wazuh