Deploying Wazuh agents on Linux endpoints

The agent runs on the host you want to monitor and communicates with the Wazuh server, sending data in near real-time through an encrypted and authenticated channel.

The deployment of a Wazuh agent on a Linux system uses deployment variables that facilitate the task of installing, registering, and configuring the agent. Alternatively, if you want to download the Wazuh agent package directly, see the packages list section.


You need root user privileges to run all the commands described below.

Add the Wazuh repository

Add the Wazuh repository to download the official packages.

  1. Import the GPG key:

    # rpm --import
  2. Add the repository:

    # cat > /etc/yum.repos.d/wazuh.repo << EOF
    name=EL-\$releasever - Wazuh

Deploy a Wazuh agent

  1. To deploy the Wazuh agent on your endpoint, select your package manager and edit the WAZUH_MANAGER variable to contain your Wazuh manager IP address or hostname.

    # WAZUH_MANAGER="" yum install wazuh-agent

    For additional deployment options such as agent name, agent group, and registration password, see the Deployment variables for Linux section.


    Alternatively, if you want to install an agent without registering it, omit the deployment variables. To learn more about the different registration methods, see the Wazuh agent enrollment section.

  2. Enable and start the Wazuh agent service.

    # systemctl daemon-reload
    # systemctl enable wazuh-agent
    # systemctl start wazuh-agent

The deployment process is now complete, and the Wazuh agent is successfully running on your Linux system.

  • Recommended action - Disable Wazuh updates

    Compatibility between the Wazuh agent and the Wazuh manager is guaranteed when the Wazuh manager version is later than or equal to that of the Wazuh agent. Therefore, we recommend disabling the Wazuh repository to prevent accidental upgrades. To do so, use the following command:

    # sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo