This document will guide you to install or deploy the Wazuh agent.


To execute the commands described below, root privileges are required.

Adding the Wazuh repository

  1. Import the GPG key:

    # rpm --import
  2. Add the repository:

    # cat > /etc/yum.repos.d/wazuh.repo << EOF
    name=EL-$releasever - Wazuh

Installing Wazuh agent

  1. Install the Wazuh agent on your terminal. You can choose between installation or deployment:

    1. Installation:

    # yum install wazuh-agent-4.0.4-1

    Once the agent is installed, the next step is to register it and configure it to communicate with the manager. For more information on this process, visit the user manual section.

    1. Deployment:

    The registration and configuration of the agent can be automated using variables. It is necessary to define, at least, the variable WAZUH_MANAGER. The agent will use this value to register and this will be the assigned manager for forwarding events.

    # WAZUH_MANAGER="" yum install wazuh-agent-4.0.4-1

    See the following document for additional deployment options: deployment variables.

  2. Enable the service

# systemctl daemon-reload
# systemctl enable wazuh-agent
# systemctl start wazuh-agent

(Optional) Disable Wazuh updates:

The version of the Wazuh manager is recommended to be greater than or equal to that of the Wazuh agents. Therefore, we recommend disabling the Wazuh repository to prevent accidental upgrades. To do so, use the following command:

# sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo

Visit our packages list section to download the Wazuh agent package directly or to check the compatible versions.


To uninstall the agent:

# yum remove wazuh-agent

Some files are marked as configuration files. Due to this designation, the package manager does not remove these files from the filesystem. The complete file deletion action is the responsibility of the user and can be done by deleting the folder /var/ossec.