Registering the Wazuh agents using the command line (CLI)
This method consists on registering the Wazuh agent on the Wazuh manager using manage_agents utility by extracting the registration key from the Wazuh manager and inserting it manually in the Wazuh agent.
Note
Root/Administrator user privileges are necessary to execute all the commands described below.
The Wazuh agent's key extraction from the Wazuh manager
On the CLI of the Wazuh manager's host add the Wazuh agent with
manage_agentsutility providing new Wazuh agent's name and IP address:# /var/ossec/bin/manage_agents -a <agent_IP> -n <agent_name>Find the
IDof the Wazuh agent:# /var/ossec/bin/manage_agents -l | grep <agent_name>
An example output of the command looks as follows:
ID: 001, Name: agent_1, IP: any
Extract the Wazuh agent's registration key using the Wazuh agent's ID:
# /var/ossec/bin/manage_agents -e <agent_id>An example output of the command looks as follows:
Agent key information for '001' is: MDAxIDE4NWVlNjE1Y2YzYiBhbnkgMGNmMDFiYTM3NmMxY2JjNjU0NDAwYmFhZDY1ZWU1YjcyMGI2NDY3ODhkNGQzMjM5ZTdlNGVmNzQzMGFjMDA4Nw==
The
keyhas to be imported to the Wazuh agent to enable communication to the Wazuh manager.
Key insertion to the Wazuh agent and enabling the communication with the Wazuh manager
Choose the tab corresponding to the Wazuh agent's host operating system:
Open a terminal in your Wazuh agent's host as a root user.
Import the registration key to the Wazuh agent using
manage_agentsutility:# /var/ossec/bin/manage_agents -i <key>An example output of the command should looks as follows:
Agent information: ID:001 Name:agent_1 IP Address:any Confirm adding it?(y/n): y Added.To enable the communication with the Wazuh manager, edit the Wazuh agent's configuration file placed at
/var/ossec/etc/ossec.conf.In the
<client><server>section,MANAGER_IPhas to be replaced with the Wazuh server's IP address or the DNS name:<client> <server> <address>MANAGER_IP</address> ... </server> </client>
Restart the Wazuh agent:
# systemctl restart wazuh-agent# service wazuh-agent restart# /var/ossec/bin/ossec-control restart
Open a a Powershell or CMD session in your Wazuh agent's host as an Administrator.
The Wazuh agent's installation directory depends on the architecture of the host:
C:\Program Files (x86)\ossec-agentforx86_64hosts.
C:\Program Files\ossec-agentforx86hosts.Note
This guide supposes that the Wazuh agent is installed in a
x86_64host. The installation path will be:C:\Program Files (x86)\ossec-agent.
Import the registration key to the Wazuh agent using
manage_agentsutility:# 'C:\Program Files (x86)\ossec-agent\manage_agents' -i <key>
The example output of the command should looks as follows:
Agent information: ID:001 Name:agent_1 IP Address:any Confirm adding it?(y/n): y Added.To enable the communication with the Wazuh manager, edit the Wazuh agent's configuration file placed at
C:\Program Files (x86)\ossec-agent\ossec.conf.In the
<client><server>section,MANAGER_IPhas to be replaced with the Wazuh server's IP address or the DNS name:<client> <server> <address>MANAGER_IP</address> ... </server> </client>
Restart the Wazuh agent:
# Restart-Service -Name wazuh# net stop wazuh # net start wazuh
Open a terminal in your Wazuh agent's host as a root user.
Import the registration key to the Wazuh agent using
manage_agentsutility:# /Library/Ossec/bin/manage_agents -i <key>An example output of the command should looks as follows:
Agent information: ID:001 Name:agent_1 IP Address:any Confirm adding it?(y/n): y Added.To enable the communication with the Wazuh manager, edit the Wazuh agent's configuration file placed at
/Library/Ossec/etc/ossec.conf.In the
<client><server>section,MANAGER_IPhas to be replaced with the Wazuh server's IP address or the DNS name:<client> <server> <address>MANAGER_IP</address> ... </server> </client>
Restart the Wazuh agent:
# /Library/Ossec/bin/ossec-control restart