OSSEC: How to Install the Windows Agent

Get the windows binary from atomicorp.


At the time of writing, the latest is 3.6.0. Download and install the exe. During the installation, you will get an error. Ignore it.


Next, we need to download the libpcre2-8-0.dll from the git-sdk-64 Github page in mingw32/bin/libpcre2-8-0.dll and stick it in the osscec-agent folder at C:\Program Files (x86)\ossec-agent\.



In the ossec-agent folder, we need to open an admin command prompt and run:

ossec-agent.exe install-service


Next, we need to get your unique client ID. On your OSSEC server, add a new client and then extract the key. To do this, run:

sudo /var/ossec/bin/manage_agents


Lastly, in the ossec-agent folder on windows open win32-ui and fill out the information. After that, hit save and start the service. On your server, run the following command to see if your agent is connected.

sudo /var/ossec/bin/agent_control -lc

If you see your agent, you did it! if you didn’t, restart the control service and check the firewall.



About: Ryan Parker

I'm a former captain of the Cyber Defense team, Current Infrastructure Security Specialist. I also have a side job helping small to medium business with anything technology doing everything imaginable. One of my hobbies is building out infrastructures for myself, friends, and clients. I current maintain a homelab with about 400GB of RAM, 100+ TB of storage, and tons of CPU cores.

Leave a Reply

Your email address will not be published. Required fields are marked *