Since Wazuh 4.0, by default, the agent registers automatically with the manager through enrollment. Configuration details can be found on Enrollment section.


The agent-auth program is the client application used along with ossec-authd to automatically add agents to a Wazuh manager.


By default there is no authentication or authorization involved in this transaction, so it is recommended that this daemon only be run when a new agent is being added.

-A <agent_name>

Agent name to be used.

Default Value



Auto negotiate the most secure common SSL/TLS method with the client.


TLS v1.2 only (if supported by the server).

-c <ciphers>

SSL cipher list. The format of this parameter is described in SSL ciphers.




Directory where Wazuh is installed.

Default Value



Run in debug mode, can be repeated to increase the verbosity of messages.

-g <group>

Run as a group.

-G <group>

Assigns the agent to one or more existing groups (separated by commas).


Let the agent IP address be set by the manager connection.


Set the agent IP address


Display the help message

-k <path>

Full path to the agent key.

-m <manager_ip>

IP address of the manager.

-P <password>

Use the specified password instead of searching for it at authd.pass.

If not provided in the file nor on the console,

the client will connect to the server without a password (insecure mode).

-p <port>

Port ossec-authd is running on.

Default Value | 1515


Test configuration.


Display version and license information.

-v <path>

Full path to the CA certificate used to verify the server.

-x <path>

Full path to the agent certificate.