OSSEC: How to Install the Windows Agent

Get the Windows binary from Atomicorp.

https://updates.atomicorp.com/channels/ossec/windows/

At the time of writing, the latest is 3.6.0. Download and install the exe. During the installation, you will get an error. Ignore it.

 

Next, we need to download libpcre2-8-0.dll from the git-sdk-64 GitHub repository (mingw32/bin/libpcre2-8-0.dll) and put it in the ossec-agent folder at C:\Program Files (x86)\ossec-agent\.

https://github.com/git-for-windows/git-sdk-64/blob/master/mingw32/bin/libpcre2-8-0.dll

 

In the ossec-agent folder, we need to open an admin command prompt and run:

ossec-agent.exe install-service

 

Next, we need to get your unique client ID. On your OSSEC server, add a new client and then extract the key. To do this, run:

sudo /var/ossec/bin/manage_agents

 

Lastly, in the ossec-agent folder on Windows, open win32-ui and fill out the information. After that, hit save and start the service. On your server, run the following command to see if your agent is connected.

sudo /var/ossec/bin/agent_control -lc

If you see your agent, you did it! If you didn’t, restart the control service and check the firewall.
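
The DLL copy and install-service steps above can be run with a few checks first, since whatever is placed in the agent folder is loaded by the agent. This PowerShell script is an added example, not part of the original post: it confirms the download is a real x86 PE file (saving the GitHub blob page instead of the raw file gives you HTML) and that it matches a hash you pinned. Assumptions: the download path and $ExpectedSha256 are placeholders, and the agent is taken to be 32-bit because it installs under Program Files (x86) and the post uses the mingw32 build.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). $Downloaded and $ExpectedSha256
# are placeholders; pin the hash from a copy of the DLL that you trust.
param(
    [string]$Downloaded     = "$env:USERPROFILE\Downloads\libpcre2-8-0.dll",
    [string]$ExpectedSha256 = '<SHA256-OF-A-COPY-YOU-TRUST>',
    [string]$AgentDir       = 'C:\Program Files (x86)\ossec-agent'
)
$ErrorActionPreference = 'Stop'

function Get-PeMachine([string]$Path) {
    $b = [System.IO.File]::ReadAllBytes($Path)
    # A PE file starts with "MZ"; an HTML page saved from the blob URL does not.
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) {
        throw "$Path is not a PE file"
    }
    # e_lfanew (offset 0x3C) points at the "PE\0\0" signature.
    $pe = [System.BitConverter]::ToInt32($b, 0x3C)
    if ($pe -lt 0 -or ($pe + 6) -gt $b.Length -or $b[$pe] -ne 0x50 -or $b[$pe + 1] -ne 0x45) {
        throw "$Path has no valid PE signature"
    }
    # The 2-byte Machine field follows the 4-byte signature.
    return [System.BitConverter]::ToUInt16($b, $pe + 4)
}

# Assumption: the agent is a 32-bit process, so it needs an x86 (0x014C) DLL.
$machine = Get-PeMachine $Downloaded
if ($machine -ne 0x014C) {
    throw ('Expected an x86 DLL (0x014C), got machine type 0x{0:X4}' -f $machine)
}

$hash = (Get-FileHash -Path $Downloaded -Algorithm SHA256).Hash
if ($hash -ne $ExpectedSha256) {
    throw "SHA256 $hash does not match the pinned value; not copying"
}

# Informational only: record whether the file carries a valid signature.
$sig = Get-AuthenticodeSignature -FilePath $Downloaded
Write-Host "SHA256 $hash, Authenticode status: $($sig.Status)"

Copy-Item -Path $Downloaded -Destination (Join-Path $AgentDir 'libpcre2-8-0.dll')

Push-Location $AgentDir
try {
    & .\ossec-agent.exe install-service
    Write-Host "install-service exit code: $LASTEXITCODE"
} finally {
    Pop-Location
}
```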

 

 



About: Ryan Parker

I am a former captain of the Cyber Defense team from Cal State San Bernardino. I also have a side job helping small to medium businesses with anything technology, including but not limited to servers, networking, and end user devices. One of my hobbies is building out infrastructures for myself, friends, and clients. I currently maintain a VMware ESXi cluster with about 280GB of RAM, with a 10Gbit network as backbone.

