The ossec-authd program will automatically add an agent to a Wazuh manager and provide the key to the agent. The agent-auth application is the client application used with ossec-authd. ossec-authd creates an agent with an ip address of “any” instead of using its actual IP.


By default there is no authentication or authorization involved in this transaction, so it is recommended that this daemon only be run when a new agent is being added.

-V Version and license message.
-h This help message.
-d Debug mode. Use this parameter multiple times to increase the debug level.
-t Test configuration.
-f Run in foreground.
-i Use client’s source IP address instead of any.
-F <time> Remove old agent with same name or IP if its keepalive has more than <time> seconds.
-F no Disable force insertion.
-r Do not keep removed agents (delete).
-g <group> Group to run as.
Default ossec
-D <dir> Directory to chroot into.
Default /var/ossec
-p <port> Manager port.
Default 1515
-P Enable shared password authentication, at /var/ossec/etc/authd.pass or random.
-c <ciphers> SSL cipher list. The format of this parameter is described in SSL ciphers.
-v <path> Full path to CA certificate used to verify clients.
-s Used with -v, enable source host verification.
-x <path> Full path to server certificate.
Default /var/ossec/etc/sslmanager.cert.
-k <path> Full path to server key.
Default /var/ossec/etc/sslmanager.key.
-a Auto negotiate the most secure common SSL/TLS method with the client.
Default TLS v1.2 only (if supported by the server).
-L Force insertion though agent limit reached.