How to Install OSSEC Agent on Windows?

OSSEC is open-source, host-based intrusion detection software. OSSEC could be understood as Operating System Security. It is available for all major operating systems, such as Linux, Windows, OS X, and Solaris, and for many other UNIX-based systems. OSSEC performs various operations to protect against intrusions, some of which are:

  1. Integrity Checking
  2. Windows Registry Monitoring (Only for Windows OS)
  3. Real-Time Alerting and Active Response for Intrusions
  4. Data Log Analysis
  5. Rootkit Detection, etc.

In this article, we shall explain, step by step, how to install the OSSEC agent-side tool on the Windows operating system.


OSSEC works on a client-server model. The OSSEC server keeps the record of all intrusion activity, while each client runs an OSSEC agent tool that reports everything back to the server it is connected to.
Presently, OSSEC provides its intrusion detection capabilities on Windows only as an agent. OSSEC is not available as a server for Windows; therefore, an OSSEC server running on a Linux or GNU/UNIX-based OS is required to maintain the logs of the OSSEC agent tool running on the Windows machine.

Steps to Install OSSEC Agent on Windows

Step 1: Download the OSSEC Agent Tool.

There are 3 versions of OSSEC available.

  1. OSSEC: This is the most basic version of OSSEC and provides the basic features needed to maintain the security of personal systems. This is a free version.
  2. OSSEC+: This is also a free version; however, it offers many more features, such as Machine Learning, ELK stack, PKI encryption, etc.
  3. Atomic OSSEC: This is a paid version with many additional features, and it offers intrusion security for enterprise-level networks.

To download, visit the official website and download your preferred version. We shall use the basic OSSEC for demonstration purposes. Download it and move to the next step.


Step 2: Installing the Agent.

Now, open the download folder and run the setup as administrator. After clicking Next on the first window of the setup, you will reach the License Agreement. Read it if you wish, and then click ‘I Agree’.


Now, there will be a screen like the following:


Although ‘Scan and monitor IIS logs’ is marked as recommended, uncheck that option if you do not know whether your computer has IIS logs enabled. Click Next.


Now, select the location to install the OSSEC agent and click on Install.


Once the agent is installed, there will be a screen like the above. Click Next, and then run the program by clicking Finish.


After that, a new window will open and ask for the IP address of the OSSEC server and an authentication key, which is created by the server. After that, your agent is ready; it will regularly scan your Windows machine for intrusions and report them to the server.
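
The following PowerShell check is an added example, not part of the original article or of OSSEC's own tooling. It inspects the authentication key before you paste it into the agent window. It assumes the key is the Base64 string exported on the server by OSSEC's `manage_agents` tool and that it decodes to `<id> <name> <ip> <secret>`; the function name `Test-OssecAgentKey` and all sample values are made up for illustration.

```powershell
# Added example: sanity-check an OSSEC agent key before entering it in the agent window.
# Assumed key layout: Base64 of "<id> <name> <ip|any|cidr> <hex secret>".
function Test-OssecAgentKey {
    param(
        [Parameter(Mandatory)][string]$EncodedKey,
        [string]$ExpectedAgentIp   # optional: this machine's address as the server sees it
    )
    $result = [ordered]@{ Valid = $false; AgentId = $null; AgentName = $null; AllowedIp = $null; Problem = $null }
    try {
        $bytes = [Convert]::FromBase64String($EncodedKey.Trim())
        $plain = [Text.Encoding]::ASCII.GetString($bytes).Trim()
    } catch {
        $result.Problem = 'not valid Base64 (key truncated or altered while copying?)'
        return [pscustomobject]$result
    }
    $fields = $plain -split '\s+'
    if ($fields.Count -ne 4) {
        $result.Problem = "expected 4 fields, found $($fields.Count)"
        return [pscustomobject]$result
    }
    $id, $name, $ip, $secret = $fields
    $result.AgentId = $id
    $result.AgentName = $name
    $result.AllowedIp = $ip
    if ($id -notmatch '^\d+$') {
        $result.Problem = 'agent ID is not numeric'
    } elseif ($secret -notmatch '^[0-9a-fA-F]{32,}$') {
        $result.Problem = 'secret is not a hex string'
    } elseif ($ExpectedAgentIp -and $ip -ne 'any' -and $ip -notmatch '/' -and $ip -ne $ExpectedAgentIp) {
        # A key bound to a single address is only checked against an exact match here.
        $result.Problem = "key is bound to $ip, not $ExpectedAgentIp"
    } else {
        $result.Valid = $true
    }
    [pscustomobject]$result   # the shared secret itself is never returned or printed
}

# Constructed sample key (not a real credential), built inline so the check runs offline.
$line   = '001 win-agent01 192.0.2.25 ' + ('ab' * 32)
$sample = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($line))

Test-OssecAgentKey -EncodedKey $sample -ExpectedAgentIp '192.0.2.25'   # case: key bound to this machine
Test-OssecAgentKey -EncodedKey $sample -ExpectedAgentIp '192.0.2.99'   # case: key bound to another address
Test-OssecAgentKey -EncodedKey $sample.Substring(0, 41)                # case: key cut short while copying
```

Because the decoded key contains the shared secret the agent uses to authenticate to the server, move it between the two machines over a trusted channel and do not leave it in chat logs or tickets.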