Registering Wazuh agents - additional information

OpenSSL package requirement

The registration service requires an SSL certificate on the Wazuh manager in order to work. This certificate will be automatically generated by the package during the installation if the openssl package is installed. The package will create the certificate and the key needed to run the authentication process called wazuh-authd. This certificate and the key can be found on the Wazuh manager in the /var/ossec/etc/sslmanager.cert and the /var/ossec/etc/sslmanager.key files.

The wazuh-authd service is used to obtain an unique key, one per each Wazuh agent, which allows to authenticate with the Wazuh communication service and to encrypt traffic. The communication is done over TLS protocol. The agent-auth program is the client application used along with the wazuh-authd to automatically add the Wazuh agent to the Wazuh manager.

Wazuh agents’ keys

The Wazuh manager uses the /var/ossec/etc/client.keys file to store the registration record of each Wazuh agent, which includes ID, name, IP, and key.


001 Server1 any e20e0394dca71bacdea57d4ca25d203f836eca12eeca1ec150c2e5f4309a653a
002 ServerProd b0c5548beda537daddb4da698424d0856c3d4e760eaced803d58c07ad1a95f4c
003 DBServer 8ec4843da9e61647d1ec3facab542acc26bd0e08ffc010086bb3a6fc22f6f65b

The Wazuh agents also have the /var/ossec/etc/client.keys file, containing only their own registration record.

Example for Server1 Wazuh agent:

001 Server1 any e20e0394dca71bacdea57d4ca25d203f836eca12eeca1ec150c2e5f4309a653a

Basic data for registering the Wazuh agent

In order to register Wazuh agent, it is necessary to provide the name and the IP address of the Wazuh agent.

There are several ways to set the Wazuh agent’s IP:

  • Any IP: Allows the Wazuh agent to connect with any IP address. Example: Server1 has any IP address.

  • Fixed IP: Allows the Wazuh agent to connect only with the specified IP address. Example: ServerProd has the IP address

  • Range IP: Allows the Wazuh agent to connect with the IP address within the specified range. Example: DBServer has the IP address range

Registration methods using agent-auth utility can automatically detect the IP address of the Wazuh agent during the registration process.