OSSEC: How to Install the Windows Agent

Get the Windows binary from Atomicorp:

https://updates.atomicorp.com/channels/ossec/windows/

At the time of writing, the latest is 3.6.0. Download and install the exe. During the installation, you will get an error. Ignore it.

Next, we need to download libpcre2-8-0.dll from the git-sdk-64 GitHub repository (mingw32/bin/libpcre2-8-0.dll) and place it in the ossec-agent folder at C:\Program Files (x86)\ossec-agent\.

https://github.com/git-for-windows/git-sdk-64/blob/master/mingw32/bin/libpcre2-8-0.dll

In the ossec-agent folder, we need to open an admin command prompt and run:

ossec-agent.exe install-service

Next, we need to get your unique client ID. On your OSSEC server, add a new client and then extract the key. To do this, run:

sudo /var/ossec/bin/manage_agents

Lastly, in the ossec-agent folder on Windows, open win32-ui and fill out the information. After that, hit save and start the service. On your server, run the following command to see if your agent is connected:

sudo /var/ossec/bin/agent_control -lc

If you see your agent, you did it! If you didn’t, restart the control service and check the firewall.
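
A pre-flight check for the DLL step above, as an added example that is not part of the original post: it confirms the downloaded libpcre2-8-0.dll is a real PE file with the same architecture as ossec-agent.exe, then records its SHA-256 and Authenticode status before you run install-service. The paths are the ones used in this post; the function name Get-PeMachine is hypothetical.

```powershell
# Added example (not from the original post). Run in PowerShell on the agent host.
$ErrorActionPreference = 'Stop'
$AgentDir = 'C:\Program Files (x86)\ossec-agent'      # folder named in the post
$Dll      = Join-Path $AgentDir 'libpcre2-8-0.dll'
$Agent    = Join-Path $AgentDir 'ossec-agent.exe'

function Get-PeMachine {
    # Hypothetical helper: return the CPU architecture from a PE file's COFF header.
    param([Parameter(Mandatory)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # Saving a GitHub "blob" page from the browser yields HTML, not a DLL;
    # the MZ check catches that case.
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "$Path is not a PE file (no MZ header)"
    }
    $peOffset = [System.BitConverter]::ToInt32($bytes, 0x3C)   # e_lfanew
    if ($peOffset -lt 0 -or ($peOffset + 6) -gt $bytes.Length) {
        throw "$Path has an invalid PE header offset"
    }
    if ([System.BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) {
        throw "$Path is missing the PE signature"
    }
    $machine = [System.BitConverter]::ToUInt16($bytes, $peOffset + 4)
    switch ($machine) {
        0x014C  { 'x86' }
        0x8664  { 'x64' }
        default { 'unknown (0x{0:X4})' -f $machine }
    }
}

foreach ($file in $Dll, $Agent) {
    if (-not (Test-Path -LiteralPath $file)) { throw "Missing file: $file" }
}

# A DLL built for a different architecture than the agent cannot be loaded by it.
$dllArch   = Get-PeMachine -Path $Dll
$agentArch = Get-PeMachine -Path $Agent
if ($dllArch -ne $agentArch) {
    throw "Architecture mismatch: DLL is $dllArch, agent is $agentArch"
}

# Keep the hash and signature status with your change record.
[pscustomobject]@{
    File      = $Dll
    Arch      = $dllArch
    SHA256    = (Get-FileHash -LiteralPath $Dll -Algorithm SHA256).Hash
    Signature = (Get-AuthenticodeSignature -LiteralPath $Dll).Status
}
```

Comparing the recorded SHA-256 across hosts shows whether every agent received the same DLL.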


About: Ryan Parker

I'm a former captain of the Cyber Defense team, current Infrastructure Security Specialist. I also have a side job helping small to medium businesses with anything technology, doing everything imaginable. One of my hobbies is building out infrastructures for myself, friends, and clients. I currently maintain a homelab with about 400GB of RAM, 100+ TB of storage, and tons of CPU cores.

