Registering the Wazuh agents using the command line (CLI)

This method consists on registering the Wazuh agent on the Wazuh manager using manage_agents utility by extracting the registration key from the Wazuh manager and inserting it manually in the Wazuh agent.

Note

Root/Administrator user privileges are necessary to execute all the commands described below.

The Wazuh agent's key extraction from the Wazuh manager

  1. On the CLI of the Wazuh manager's host add the Wazuh agent with manage_agents utility providing new Wazuh agent's name and IP address:

    # /var/ossec/bin/manage_agents -a <agent_IP> -n <agent_name>
    
  2. Find the ID of the Wazuh agent:

    # /var/ossec/bin/manage_agents -l | grep <agent_name>
    

    An example output of the command looks as follows:

    ID: 001, Name: agent_1, IP: any
    
  3. Extract the Wazuh agent's registration key using the Wazuh agent's ID:

    # /var/ossec/bin/manage_agents -e <agent_id>
    

    An example output of the command looks as follows:

    Agent key information for '001' is:
    MDAxIDE4NWVlNjE1Y2YzYiBhbnkgMGNmMDFiYTM3NmMxY2JjNjU0NDAwYmFhZDY1ZWU1YjcyMGI2NDY3ODhkNGQzMjM5ZTdlNGVmNzQzMGFjMDA4Nw==
    

    The key has to be imported to the Wazuh agent to enable communication to the Wazuh manager.

Key insertion to the Wazuh agent and enabling the communication with the Wazuh manager

Choose the tab corresponding to the Wazuh agent's host operating system:

Open a terminal in your Wazuh agent's host as a root user.

  1. Import the registration key to the Wazuh agent using manage_agents utility:

    # /var/ossec/bin/manage_agents -i <key>
    

    An example output of the command should looks as follows:

    Agent information:
        ID:001
        Name:agent_1
        IP Address:any
    
    Confirm adding it?(y/n): y
    Added.
    
  2. To enable the communication with the Wazuh manager, edit the Wazuh agent's configuration file placed at /var/ossec/etc/ossec.conf.

    In the <client><server> section, MANAGER_IP has to be replaced with the Wazuh server's IP address or the DNS name:

    <client>
      <server>
        <address>MANAGER_IP</address>
        ...
      </server>
    </client>
    
  3. Restart the Wazuh agent:

# systemctl restart wazuh-agent