The ossec-authd program can automatically add an agent to a Wazuh manager and provide the key to the agent. The agent-auth application is the client application used with ossec-authd. ossec-authd creates an agent with an IP address of “any” instead of using a specifig IP address.


By default, there is no authentication or authorization involved in this transaction, so it is recommended that this daemon only be run when a new agent is being added.

-V Version and license message.
-h This help message.
-d Debug mode. Use this parameter multiple times to increase the debug level.
-t Test configuration.
-f Run in foreground.
-i Use client’s source IP address instead of any.
-F <time> Remove old agent with same name or IP if its keepalive has more than the specified number of seconds.
-F no Disable force insertion.
-r Do not keep removed agents (delete).
-g <group> Group to run as.
Default ossec
-D <dir> Directory to chroot into.
Default /var/ossec
-p <port> Manager port.
Default 1515
-P Enable shared password authentication, at /var/ossec/etc/authd.pass or random.
-c <ciphers> SSL cipher list. The format of this parameter is described in SSL ciphers.
-v <path> Full path to CA certificate used to verify clients.
-s Used with -v, enable source host verification.
-x <path> Full path to server certificate.
Default /var/ossec/etc/sslmanager.cert.
-k <path> Full path to server key.
Default /var/ossec/etc/sslmanager.key.
-a Auto negotiate the most secure common SSL/TLS method with the client.
Default TLS v1.2 only (if supported by the server).
-L Force insertion even though agent limit has been reached.