Mac Installation

Wazuh Agent is the software responsible for analyzing all kinds of actions that affect the equipment where it is installed. It runs on each device that the user wants to supervise. It is the main tool to detect any problem in each computer individually and keep all this information on a server where, in real time, Apolo recognizes the status of each agent.

The agent and the server communicate over an encrypted and authenticated channel. The agent was developed to oversee a large variety of different endpoints without affecting their performance: it requires 35 MB of RAM on average and supports the most popular operating systems. More information can be found in Wazuh's official documentation.

Prior to Wazuh Installation

Before starting, we must have administrator access to the computer where we want to install the agent. We will mainly use a very simple script in which we enter the values that identify our device. That way, it will not be necessary to edit the configuration file once the installation is completed.

These agents can be divided into two groups: computers, with the nomenclature "PC", and servers, with the nomenclature "SERVER". Wazuh also allows us to assign an alias to each registered computer. To establish the connection with the server, we have to register with the correct credentials and define the address of the server.

The following table lists the variables that we can use in our script:

| OPTION | DESCRIPTION |
| --- | --- |
| WAZUH_MANAGER | Specifies the principal server address. |
| WAZUH_REGISTRATION_SERVER | Specifies the Wazuh registration server, used for agent registration. |
| WAZUH_REGISTRATION_PASSWORD | Defines the key to register agents on the server. |
| WAZUH_AGENT_NAME | Assigns the name of the device. |
| WAZUH_AGENT_GROUP | Assigns the groups the device belongs to. |

These variables should be completed with these values:

| OPTION | VALUE |
| --- | --- |
| WAZUH_MANAGER | "wazuh-workers-company.apoloanalytics.com" |
| WAZUH_REGISTRATION_SERVER | "wazuh-company.apoloanalytics.com" |
| WAZUH_REGISTRATION_PASSWORD | "password" |
| WAZUH_AGENT_NAME | Your choice: the name of the device. |
| WAZUH_AGENT_GROUP | "PC" or "SERVER". |

Install

  • Open a terminal and enter the following command, replacing <wazuh-manager> and <password> with the values from the table above:
curl -so wazuh-agent-4.3.9.pkg https://packages.wazuh.com/4.x/macos/wazuh-agent-4.3.9-1.pkg && sudo launchctl setenv WAZUH_MANAGER <wazuh-manager> WAZUH_REGISTRATION_PASSWORD <password> && sudo installer -pkg ./wazuh-agent-4.3.9.pkg -target /
  • Next, once the installation has finished, execute the following to start the agent:
sudo /Library/Ossec/bin/wazuh-control start 
  • If the agent doesn't appear as a new device after installation, authentication with the server has failed. Execute the following command to register the agent with the manager:
/Library/Ossec/bin/agent-auth -m 'wazuh-empresa.apoloanalytics.com' -P <passwd> -A <nom_agent> -G <grup>
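A check to run around the steps above, as an added example that is not part of Apolo's or Wazuh's own tooling: it validates the agent name and group before the installer is run and confirms afterwards that the agent actually holds a key in client.keys, which is what a successful registration leaves behind. The path /Library/Ossec/etc/client.keys and its "ID NAME IP KEY" line layout are Wazuh's; the file name check_agent.sh, the function names and the agent-name rule are assumptions of this example.

```shell
#!/bin/sh
# check_agent.sh (hypothetical name): added example, not Apolo's or Wazuh's script.
# Usage: sh check_agent.sh <agent-name> <group>

KEYS_FILE="${KEYS_FILE:-/Library/Ossec/etc/client.keys}"   # agent key store on macOS

# The page defines exactly two groups: PC and SERVER (case-sensitive).
valid_group() {
    case "$1" in
        PC|SERVER) return 0 ;;
        *) return 1 ;;
    esac
}

# Assumed naming rule for this example: at least two characters, limited to
# letters, digits, '.', '_' and '-', so the name is safe to pass on a command line.
valid_agent_name() {
    case "$1" in
        ''|?) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# client.keys holds one "ID NAME IP KEY" line per enrolled agent. The agent is
# registered when a line has our name in field 2 and a non-empty key in field 4.
agent_registered() {   # usage: agent_registered NAME [KEYS_FILE]
    name=$1
    file=${2:-$KEYS_FILE}
    [ -s "$file" ] || return 1
    awk -v n="$name" '$2 == n && $4 != "" { found = 1 } END { exit !found }' "$file"
}

preflight() {   # usage: preflight NAME GROUP
    valid_agent_name "$1" || { echo "invalid agent name: $1" >&2; return 1; }
    valid_group "$2" || { echo "group must be PC or SERVER, got: $2" >&2; return 1; }
}

# Only acts when called with both arguments; sourcing the file just defines the functions.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" || exit 1
    if agent_registered "$1"; then
        echo "agent '$1' has a key in $KEYS_FILE"
    else
        echo "agent '$1' is not registered yet: run agent-auth as described above" >&2
        exit 2
    fi
fi
```

On a real Mac, run it with sudo so that it can read client.keys.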
Updated on March 6, 2023