You will need administrator privileges to perform this installation.
The first step to install the Wazuh agent on a Windows machine is to download the Windows installer from the packages list. Once this is downloaded, you can install it using the command line or following the GUI steps:
Using the command line, you can choose between installation or deployment:
To install the Windows agent from the command line, run the installer using the following command (the
/qargument is used for unattended installations)
Using CMD:wazuh-agent-4.0.4-1.msi /q
Using PowerShell:.\wazuh-agent-4.0.4-1.msi /q
You can automate the agent registration and configuration using variables. It is necessary to define at least the variable
AUTHD_SERVER. The agent will use those values to register and assign a Wazuh manager for forwarding events
Using CMD:wazuh-agent-4.0.4-1.msi /q WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2"
Using PowerShell:.\wazuh-agent-4.0.4-1.msi /q WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2"
See the following document for additional automated deployment options: deployment variables for Windows.
Using the GUI:
To install the Windows agent from the GUI, run the downloaded file and follow the steps in the installation wizard. If you are not sure how to answer to some of the prompts, simply use the default answers.
Once installed, the agent uses a graphical user interface for configuration, opening the log file or starting and stopping the service.
By default, all agent files will be found in:
C:\Program Files (x86)\ossec-agent.
Now that the agent is installed, the next step is to register and configure it to communicate with the manager. For more information about this process, please visit the document: user manual.
To uninstall the agent, the original MSI file will be needed to perform the unattended process:
msiexec.exe /x wazuh-agent-4.0.4-1.msi /qn