Wazuh server unattended installation

This section will explain how to install the Wazuh manager and Filebeat using an automated script. This script will perform a health check to verify that the system has enough resources to achieve an optimal performance. For more information, please visit the requirements section.

Installing the Wazuh server


Root user privileges are required to run all the commands described below. To download the script the package curl will be used.

Download the installation script:

# curl -so ~/wazuh-server-installation.sh https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/elastic-stack/unattended-installation/distributed/wazuh-server-installation.sh

Replace the following variables and run the installation script:

  • <node_name>: Name of the Wazuh server instance (this name must be the same used in config.yml for the certificate creation, e.g. filebeat).

  • <elastic_user_password>: The password of the user elastic generated during the Elasticsearch installation.

# bash ~/wazuh-server-installation.sh -n <node_name> -p <elastic_password>

The installation script allows the following options:



-n / --node-name

Name of the Wazuh server instance

-p / --elastic-password

Elastic user password

-d / --debug

Shows the complete installation output

-i / --ignore-healthcheck

Ignores the health-check

-h / --help

Shows help

In case of installing a multi-node Wazuh cluster, repeat this process in every host.

Configure the installation

After the installation of all the components of the node, some steps must be done manually. Choose the cluster mode between single-node or multi-node:

Once the script finishes the installation, all the components will be ready to use.

To uninstall Wazuh and Filebeat, visit the uninstalling section.