Adding an agent with ossec-authd

It is possible to add a key to a system via an automated method. ossec-authd and agent-auth provide this functionality.


ossec-authd runs on the server, adding agents and distributing authentication keys.


There is currently no authentication, so any host that can connect to the port ossec-authd listens on can obtain an OSSEC agent key. It is recommended that the OSSEC manager’s firewall be used to help limit connections.
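
One way to apply the firewall recommendation above, as an added example that is not part of the OSSEC documentation: a shell function that prints iptables rules allowing only listed agent networks to reach the ossec-authd port, then logging and dropping everything else. The function name, the OSSEC_AUTHD chain name and the sample networks are assumptions made for this example.

```shell
#!/bin/sh
# Added example: restrict ossec-authd's port to known agent networks.
# Rules are printed rather than applied so they can be reviewed first;
# pipe the output to `sh` as root on the OSSEC manager to apply them.

AUTHD_PORT=1515   # the port ossec-authd is started on in this page

# authd_fw_rules CIDR [CIDR...]   (hypothetical helper name)
authd_fw_rules() {
    if [ "$#" -eq 0 ]; then
        echo "usage: authd_fw_rules CIDR [CIDR...]" >&2
        return 1
    fi
    # Validate every source before printing anything, so a bad argument
    # never leaves a half-written rule set.
    for src in "$@"; do
        case "$src" in
            */0) echo "refusing to allow every source: $src" >&2; return 1 ;;
        esac
        if ! printf '%s\n' "$src" |
             grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            echo "not an IPv4 address or CIDR: $src" >&2
            return 1
        fi
    done
    # Dedicated chain, jumped to from the top of INPUT so that an earlier
    # broad ACCEPT rule cannot expose the port.
    echo "iptables -N OSSEC_AUTHD"
    echo "iptables -I INPUT 1 -p tcp --dport $AUTHD_PORT -j OSSEC_AUTHD"
    for src in "$@"; do
        echo "iptables -A OSSEC_AUTHD -s $src -j ACCEPT"
    done
    # Log refused key requests, then drop them.
    echo "iptables -A OSSEC_AUTHD -j LOG --log-prefix \"ossec-authd denied: \""
    echo "iptables -A OSSEC_AUTHD -j DROP"
}

# Constructed sample input: one agent subnet and one single agent host.
authd_fw_rules 10.0.5.0/24 192.0.2.10
```

The logged denials are worth reviewing: any host outside the allowlist that tries port 1515 is attempting to obtain an agent key.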

Run ossec-authd, listening on port 1515:

/var/ossec/bin/ossec-authd -p 1515


agent-auth connects to an ossec-authd instance to receive and install an agent key.

Run agent-auth, connecting to the manager at <manager_ip> (a placeholder for the manager's IP address) on port 1515:

/var/ossec/bin/agent-auth -m <manager_ip> -p 1515

