Installing Wazuh agents on macOS endpoints

The agent runs on the endpoint you want to monitor and communicates with the Wazuh server, sending data in near real-time through an encrypted and authenticated.


You need root user privileges to run all the commands described below.

  1. To start the installation process, download the Wazuh agent according to your architecture:

  2. Select the installation method you want to follow: Command line interface (CLI) or graphical user interface (GUI).

    1. To deploy the Wazuh agent on your endpoint, choose your architecture, edit the WAZUH_MANAGER variable to contain your Wazuh manager IP address or hostname, and run the following command.

      # echo "WAZUH_MANAGER=''" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.8.0-1.intel64.pkg -target /

      For additional deployment options such as agent name, agent group, and registration password, see the Deployment variables for macOS section.


      Alternatively, if you want to install an agent without registering it, omit the deployment variables. To learn more about the different registration methods, see the Wazuh agent enrollment section.

    2. To complete the installation process, start the Wazuh agent.

      # /Library/Ossec/bin/wazuh-control start

    The installation process is now complete, and the Wazuh agent is successfully deployed and running on your macOS endpoint.

By default, all agent files are stored in /Library/Ossec/ after the installation.