Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Acknowledgement
- Please check the wazuh-manager first if it is running before installing a wazuh-agent to the users.
- 1. Run CMD as Administrator
- type command: powershell
- press enter
- 2. Next enter the following commands one by one
- ---------------------------------------------------------------------------------------
- command 1: $whoami=[System.Security.Principal.WindowsIdentity]::GetCurrent().Name
- ---------------------------------------------------------------------------------------
- Explanation 1: The command1 is to identify the username of the account, if the powershell did not acknowledge the $whoami value then we have to manually input the username of the AD account it must follow this format example only if username is User Test: 'IS6_U_Test'
- note: must include quotation marks ''
- ---------------------------------------------------------------------------------------
- command 2: Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.7.2-1.msi -OutFile ${env.tmp}\wazuh-agent; msiexec.exe /i ${env.tmp}\wazuh-agent /q WAZUH_MANAGER='10.1.113.214' WAZUH_AGENT_GROUP='default' WAZUH_AGENT_NAME=$whoami WAZUH_REGISTRATION_SERVER='10.1.113.214'
- ---------------------------------------------------------------------------------------
- If you encountered Explanation 1: then replace the $whoami at command2 following the format username
- sample:
- WAZUH_AGENT_NAME='IS6_U_Test'
- ------------------------
- command 3: net start WazuhSvc
- ------------------------
- This is for starting the wazuh-agent service
- 3. Check the wazuh dashboard for verification
- https://10.1.113.214
- password: R5pSJynpYwRfFR6yfC5cX7uH+Ds*LU0J
- ----------------
- Troubleshooting
- ----------------
- If the wazuh dashboard displays an error (eg. API error)
- goto IWU and open the ubuntu server
- username: wazuh.server
- password: 1wu@W4zuH!~
- 1.
- Open terminal and type command: sudo su
- press enter
- enter the wazuh.server password
- 2.
- Once we have entered the correct password then
- type command: systemctl restart wazuh-manager
- this is to start/restart the wazuh-manager if suddenly the server has shutdown or encountered an issue
- 3. Check the status of wazuh-manager
- systemctl status wazuh-manager
- If the output is active/running then proceed on installing an agent
- If the wazuh-agent has been installed and the user device is not listed on the active agents
- then we have to remove the current agent installed and reinstall it
- 1. Easy way is to download the agent installer:
- https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-windows.html
- after installation, open it and click remove.
- Repeat the installation process through the powershell again.
- Optional:
- 2. Manual removal of agent to the wazuh-server
- To uninstall the agent, the original Windows installer file is required to perform the unattended process:
- msiexec.exe /x wazuh-agent-4.7.2-1.msi /qn
- The Wazuh agent is now completely removed from your Windows endpoint.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement