RPM based systems
The agent installation process has been simplified as much as possible with the following examples to save time on deployment and troubleshooting.
⚠️ NOTE: the <path_to_package> needs to be the full absolute path, e.g. /home/example
🔖 NOTE: Please note the following information for details on how to determine the agent URL to use for central registration.
Depending on the design of your environment, you may want to point the agents to the central XDR rather than configuring them to connect to the log aggregator. If this is a requirement, prefix the tenant FQDN with wazuh, e.g.
For tenant1
wazuh.tenant1.siem.example.com
For tenant2
wazuh.tenant2.siem.example.com
Note how the second part of the FQDN changes. This structure holds true throughout the environment regardless of tenant name. For general reference this can be referred to as the XDR FQDN.
Download URL:
https://packages.wazuh.com/4.x/yum/wazuh-agent-4.3.10-1.x86_64.rpm
Installation from local source:
This method is used when the downloaded file is available on local disk or on a mapped network share. Run the command from a command prompt with elevated privileges.
Agent configured to connect to Hydra:
sudo WAZUH_MANAGER='<hydra_ip>' WAZUH_AGENT_GROUP='default' yum install <path_to_package>/wazuh-agent-4.3.10-1.x86_64.rpm
Agent configured to connect to central platform:
sudo WAZUH_MANAGER='<central_fqdn>' WAZUH_AGENT_GROUP='default' yum install <path_to_package>/wazuh-agent-4.3.10-1.x86_64.rpm
Installation directly from Internet:
This method downloads the required file from the Internet and then automatically proceeds to installation.
Agent configured to connect to Hydra:
sudo WAZUH_MANAGER='<hydra_ip>' WAZUH_AGENT_GROUP='default' yum install https://packages.wazuh.com/4.x/yum/wazuh-agent-4.3.10-1.x86_64.rpm
Agent configured to connect to central platform:
sudo WAZUH_MANAGER='<central_fqdn>' WAZUH_AGENT_GROUP='default' yum install https://packages.wazuh.com/4.x/yum/wazuh-agent-4.3.10-1.x86_64.rpm
⚠️ NOTE: The examples enclose values in either double or single quotes, and all possible care was taken to cover as many operating systems and their versions as possible. Specific versions and sub-versions may require the double quotes to be swapped out for single quotes and vice versa.
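Added example (not part of the original page or of Wazuh's own tooling): a small POSIX shell helper that derives the XDR FQDN from a tenant FQDN, checks that <path_to_package> is absolute, and confirms after installation that the agent configuration points at the intended manager. The function names are hypothetical, and the configuration path in the comment assumes the agent's default Linux install location.

```shell
# Added example; function names are hypothetical, not part of Wazuh.

# XDR FQDN = tenant FQDN prefixed with "wazuh" (rejects malformed names).
xdr_fqdn() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    printf 'wazuh.%s\n' "$1"
}

# <path_to_package> must be absolute, e.g. /home/example.
is_absolute_path() {
    case $1 in /*) return 0 ;; *) return 1 ;; esac
}

# Print each manager <address> found in an agent ossec.conf
# (assumed default location on Linux: /var/ossec/etc/ossec.conf).
configured_managers() {
    sed -n 's:.*<address>\([^<]*\)</address>.*:\1:p' "$1"
}

# Succeed only if the config names exactly one manager and it is the expected one.
check_manager() {
    cm_found=$(configured_managers "$1")
    [ -n "$cm_found" ] && [ "$cm_found" = "$2" ]
}

# Demo on a constructed ossec.conf fragment (not taken from a real host).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
<ossec_config>
  <client>
    <server>
      <address>wazuh.tenant1.siem.example.com</address>
      <port>1514</port>
    </server>
  </client>
</ossec_config>
EOF
demo_expected=$(xdr_fqdn tenant1.siem.example.com)
if check_manager "$demo_conf" "$demo_expected"; then
    echo "OK: agent points at $demo_expected"
else
    echo "MISMATCH: found '$(configured_managers "$demo_conf")', expected $demo_expected"
fi
rm -f "$demo_conf"
```

On a deployed host, run check_manager against the agent's real configuration file with the Hydra IP or XDR FQDN you passed as WAZUH_MANAGER.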