Importing the client key to the Wazuh agent

In this section, you can find instructions on configuring the Wazuh agent with the client key received from the Wazuh manager. This allows the Wazuh agent to communicate with the Wazuh manager.

The steps below shows how to configure the Wazuh agent on different operating systems using the client key:

Linux/Unix

Follow the steps below to import the client key to a Linux/Unix endpoint:

  1. From the Wazuh agent, launch the terminal, obtain root access, and import the client key. Replace <KEY> with the client key received from the Wazuh manager:

    # /var/ossec/bin/manage_agents -i <KEY>
    

    The output should look like this:

      Agent information:
      ID:001
      Name:agent_1
      IP Address:any
      Confirm adding it?(y/n): y
      Added.
    
  2. Add the Wazuh manager IP address or FQDN (Fully Qualified Domain Name) to the Wazuh agent configuration file in /var/ossec/etc/ossec.conf. Replace <WAZUH_MANAGER_IP> with the IP address or FQDN (Fully Qualified Domain Name) of the Wazuh manager.

    <client>
      <server>
        <address><WAZUH_MANAGER_IP></address>
        ...
      </server>
    </client>
    
  3. Restart the Wazuh agent to make the changes effective:

    # systemctl restart wazuh-agent
    
  4. Click on the upper-left menu icon and navigate to Server management > Endpoints Summary on the Wazuh dashboard to check for the newly enrolled Wazuh agent and its connection status. If the enrollment was successful, you will have an interface similar to the image below.

    Check newly enrolled Wazuh agent - Linux

Windows

Follow the steps below to import the client key to a Windows endpoint.

  1. From the Wazuh agent, launch the CMD or PowerShell as an administrator and import the client key. Replace <KEY> with the client key received from the Wazuh manager:

    For 64-bit systems:

    # "C:\Program Files (x86)\ossec-agent\manage_agents.exe" -i <KEY>
    

    For 32-bit systems:

    # "C:\Program Files\ossec-agent\manage_agents.exe" -i <KEY>
    

    The output should look like this:

    Agent information:
      ID:001
      Name:agent_1
      IP Address:any
    Confirm adding it?(y/n): y
    Added.
    
  2. Add the Wazuh manager IP address or FQDN (Fully Qualified Domain Name) to the Wazuh agent configuration file in C:\Program Files (x86)\ossec-agent\ossec.conf. Replace <WAZUH_MANAGER_IP> with the IP address or FQDN of the Wazuh manager.

    <client>
       <server>
         <address><WAZUH_MANAGER_IP></address>
         ...
       </server>
     </client>
    
  3. Restart the Wazuh agent to make the changes effective.

    # Restart-Service -Name wazuh
    
  4. Click on the upper-left menu icon and navigate to Server management > Endpoints Summary on the Wazuh dashboard to check for the newly enrolled Wazuh agent and its connection status. If the enrollment was successful, you will have an interface similar to the image below.

    Check newly enrolled Wazuh agent - Windows

macOS

Follow the steps below to import the client key to a macOS endpoint:

  1. Launch the terminal, obtain root access, and import the client key. Replace <KEY> with the client key received from the Wazuh manager:

    # /Library/Ossec/bin/manage_agents -i <KEY>
    

    The output should look like this:

      Agent information:
      ID:001
      Name:agent_1
      IP Address:any
      Confirm adding it?(y/n): y
      Added.
    
  2. Add the Wazuh manager IP address or FQDN (Fully Qualified Domain Name) to the Wazuh agent configuration file in /Library/Ossec/etc/ossec.conf. Replace <WAZUH_MANAGER_IP> with the IP address or FQDN of the Wazuh manager.

    <client>
      <server>
        <address><WAZUH_MANAGER_IP></address>
        ...
      </server>
    </client>
    
  3. Restart the Wazuh agent to make the changes effective:

    # /Library/Ossec/bin/wazuh-control restart
    
  4. Click on the upper-left menu icon and navigate to Server management > Endpoints Summary on the Wazuh dashboard to check for the newly enrolled Wazuh agent and its connection status. If the enrollment was successful, you will have an interface similar to the image below.

    Check newly enrolled Wazuh agent - macOS