Installing Wazuh agents on macOS endpoints

The agent runs on the endpoint you want to monitor and communicates with the Wazuh server, sending data in near real-time through an encrypted and authenticated.

1. To start the installation process, download the Wazuh agent according to your architecture:

   • Intel: wazuh-agent-4.7.3-1.intel64.pkg. Suitable for macOS Sierra and later.

   • Apple silicon: wazuh-agent-4.7.3-1.arm64.pkg. Suitable for macOS Big Sur and later.

2. Select the installation method you want to follow: Command line interface (CLI) or graphical user interface (GUI).

   CLIGUI

   1. To deploy the Wazuh agent on your endpoint, choose your architecture, edit the WAZUH_MANAGER variable to contain your Wazuh manager IP address or hostname, and run the following command.

      IntelApple silicon

      # echo "WAZUH_MANAGER='10.0.0.2'" > /tmp/wazuh_envs && installer -pkg wazuh-agent-4.7.3-1.intel64.pkg -target /
      

      For additional deployment options such as agent name, agent group, and registration password, see the Deployment variables for macOS section.

      Note

      Alternatively, if you want to install an agent without registering it, omit the deployment variables. To learn more about the different registration methods, see the Wazuh agent enrollment section.

   2. To complete the installation process, start the Wazuh agent.

      # /Library/Ossec/bin/wazuh-control start
      

   The installation process is now complete, and the Wazuh agent is successfully deployed and running on your macOS endpoint.

By default, all agent files are stored in /Library/Ossec/ after the installation.