docs/dev/run-sources.md
This guide describes how to install and run Wazuh components built from source code.
Before running from sources, ensure you have:
Install the server by running the installation script:
./install.sh
Follow the interactive wizard to install the manager.
Alternatively, configure environment variables as described in etc/preloaded-vars.conf for an unattended installation:
USER_LANGUAGE="en" \
USER_INSTALL_TYPE="manager" \
USER_DIR="/var/wazuh-manager" \
USER_WHITE_LIST="n" \
USER_ENABLE_AUTHD="y" \
USER_UPDATE="y" \
USER_AUTO_START="n" \
./install.sh
After installation, start the manager:
/var/wazuh-manager/bin/wazuh-manager-control start
To verify the server is running:
/var/wazuh-manager/bin/wazuh-manager-control status
Run the installation script and follow the wizard:
./install.sh
Alternatively, use environment variables for unattended installation:
USER_LANGUAGE="en" \
USER_INSTALL_TYPE="agent" \
USER_DIR="/var/ossec" \
USER_AGENT_MANAGER_IP="10.0.0.2" \
USER_ENABLE_ACTIVE_RESPONSE="y" \
USER_CA_STORE="n" \
USER_UPDATE="y" \
./install.sh
Important: Set USER_AGENT_MANAGER_IP to the correct server address.
After installation, start the agent:
/var/ossec/bin/wazuh-control start
To verify the agent is running:
/var/ossec/bin/wazuh-control status
WiX Toolset 3.14 is required to build the Windows installer package.
Download from: https://github.com/wixtoolset/wix3/releases/tag/wix3141rtm
First, build the Windows agent as described in Build from Sources:
make -C src TARGET=winagent deps
make -C src TARGET=winagent
Copy all files to a Windows machine.
Navigate to the src/win32 directory and execute:
wazuh-installer-build-msi.bat
This will generate the MSI installer package.
Once the package is generated, install it using the command line with the server address:
wazuh-agent-*.msi /q WAZUH_MANAGER="10.0.0.2"
Important: Replace 10.0.0.2 with the correct server IP address.
For more installation options, see the Installation guide.
Start the Wazuh service on Windows:
Start-Service -Name wazuh
To verify the service is running:
Get-Service -Name wazuh
The main server configuration file is located at:
/var/wazuh-manager/etc/wazuh-manager.conf
After modifying the configuration, restart the server:
/var/wazuh-manager/bin/wazuh-manager-control restart
The agent configuration file is located at:
/var/ossec/etc/ossec.confC:\Program Files (x86)\ossec-agent\ossec.confAfter modifying the configuration, restart the agent:
UNIX:
/var/ossec/bin/wazuh-control restart
Windows:
Restart-Service -Name wazuh
/var/wazuh-manager/bin/wazuh-manager-control stop
/var/ossec/bin/wazuh-control stop
Stop-Service -Name wazuh
Logs are located in /var/wazuh-manager/logs/:
wazuh-manager.log - Main Wazuh logalerts/alerts.log - Security alerts/var/wazuh-manager/logs/To monitor logs in real-time:
tail -f /var/wazuh-manager/logs/wazuh-manager.log
Logs are located in /var/ossec/logs/:
ossec.log - Main Wazuh logalerts/alerts.log - Security alerts/var/ossec/logs/To monitor logs in real-time:
tail -f /var/ossec/logs/ossec.log
Logs are located in C:\Program Files (x86)\ossec-agent\:
ossec.log - Main agent logCheck the logs for error messages:
cat /var/ossec/logs/ossec.log
Verify the configuration file syntax:
/var/ossec/bin/wazuh-control configtest
Verify network connectivity:
ping <server_ip>
telnet <server_ip> 1514
Check firewall rules allow traffic on port 1514
Verify the server address in the agent configuration
Check authentication:
/var/ossec/bin/manage_agents -l
Ensure Wazuh is running with appropriate permissions:
ls -l /var/ossec/
Wazuh typically runs as the ossec user.