OSSEC: How to Install the Windows Agent
Get the windows binary from atomicorp.
At the time of writing, the latest is 3.6.0. Download and install the exe. During the installation, you will get an error. Ignore it.
Next, we need to download the libpcre2-8-0.dll from the git-sdk-64 Github page in mingw32/bin/libpcre2-8-0.dll and stick it in the osscec-agent folder at C:\Program Files (x86)\ossec-agent\.
In the ossec-agent folder, we need to open an admin command prompt and run:
Next, we need to get your unique client ID. On your OSSEC server, add a new client and then extract the key. To do this, run:
Lastly, in the ossec-agent folder on windows open win32-ui and fill out the information. After that, hit save and start the service. On your server, run the following command to see if your agent is connected.
sudo /var/ossec/bin/agent_control -lc
If you see your agent, you did it! if you didn’t, restart the control service and check the firewall.