Deploying Wazuh agents on macOS endpoints

The Wazuh agent runs on the endpoint you want to monitor and communicates with the Wazuh manager, sending data in near real-time through an encrypted and authenticated channel.

Note

You need root user privileges to run all the commands described below.

  1. To start the installation process, download the Wazuh agent according to your architecture:

  2. Select the installation method you want to follow: Command line interface (CLI) or graphical user interface (GUI).

    1. To deploy the Wazuh agent on your endpoint, choose your architecture, edit the WAZUH_MANAGER variable to contain your Wazuh manager IP address or hostname, and run the following command.

      # echo "WAZUH_MANAGER='10.0.0.2'" > /tmp/wazuh_envs && sudo installer -pkg wazuh-agent-4.13.1-1.intel64.pkg -target /
      

      For additional deployment options such as agent name, agent group, and enrollment password, see the Deployment variables for macOS section.

      Note

      Alternatively, if you want to install an agent without enrolling it, omit the deployment variables. To learn more about the different enrollment methods, see the Wazuh agent enrollment section.

    2. Start the Wazuh agent to complete the installation process:

      # launchctl bootstrap system /Library/LaunchDaemons/com.wazuh.agent.plist
      

    The installation process is now complete, and the Wazuh agent is successfully deployed and running on your macOS endpoint.

By default, all agent files are stored in /Library/Ossec/ after the installation.