Skip to main content
Skip table of contents

Windows based systems

The agent installation process has been simplified as much as possible with the following examples to save time on deployment and troubleshooting.

🔖 NOTE: Please see note the following information for details on how to determine the agent URL to use for central registration.

Depending on the design of your environment you may want to point the agents to the central XDR rather than configuring them to connect to the log aggregator. If this is a requirement you would prefix the tenant FQDN with wazuh e.g.

For tenant1

wazuh.tenant1.siem.example.com

For tenant2

wazuh.tenant2.siem.example.com

Note how the second part of the FQDN changes. This structure holds true throughout the environment regardless of tenant name. For general reference this can be referred to as the XDR FQDN.

Download URL:

https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.10-1.msi

Installation from local source (Command Prompt or PowerShell v3+):

This method is used when the downloaded file is made available on local disk or on a mapped network share in a command prompt with elevated priviledges.

Agent configured to connect to Hydra:

NONE 
wazuh-agent-4.3.10-1.msi /q WAZUH_MANAGER=<hydra_ip> WAZUH_REGISTRATION_SERVER=<hydra_ip> WAZUH_AGENT_GROUP="default" & timeout /t 10 /nobreak & NET START WazuhSvc

Agent configured to connect to central platform:

CODE 
wazuh-agent-4.3.10-1.msi /q WAZUH_MANAGER=wazuh.<central_fqdn> WAZUH_REGISTRATION_SERVER=wazuh.<central_fqdn> WAZUH_AGENT_GROUP="default" & timeout /t 10 /nobreak & NET START WazuhSvc

Installation directly from Internet (Powershell Only:

This method downloads the required file from the Internet and then automatically proceeds to installation.

Agent configured to connect to Hydra:

CODE 
Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.10-1.msi -OutFile ${env:tmp}\wazuh-agent-4.3.10.msi; msiexec.exe /i ${env:tmp}\wazuh-agent-4.3.10.msi /q WAZUH_MANAGER='<hydra_ip>' WAZUH_REGISTRATION_SERVER='<hydra_ip>' WAZUH_AGENT_GROUP='default' <central_fqdn>

Agent configured to connect to central platform:

CODE 
Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.10-1.msi -OutFile ${env:tmp}\wazuh-agent-4.3.10.msi; msiexec.exe /i ${env:tmp}\wazuh-agent-4.3.10.msi /q WAZUH_MANAGER='<central_fqdn>' WAZUH_REGISTRATION_SERVER='<central_fqdn>' WAZUH_AGENT_GROUP='default'<central_fqdn>

⚠️ NOTE: There are ample examples with values encapsulating with double or single quotes, all possible care was taken to cover as many operating systems and their versions as possible. It is possible that specific versions and sub-versions may require the double quotes to be swopped out for single quotes and vice versa.

Additional variables options for Windows based installations:

https://documentation.wazuh.com/current/user-manual/deployment-variables/deployment-variables-windows.html

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close