pfSense Wazuh Agent install

This is an add-on to Ben Heater’s excellent post on how to get Wazuh Agent installed on pfSense and working with Suricata.

Before you Begin

Install the Cron package from the pfSense package manager. You’ll need to clean up the Wazuh Agent logs so that they do not eat up disk space. Jobs created with crontab -e will be overwritten if, after upgrading Wazuh Agent, you ever need to get pfSense packages working again (e.g. pkg needs to be downgraded).

You’ll want a cron job that translates to the following:

0 4 * * * /usr/bin/find /var/ossec/logs/wazuh/ -d 1 -mtime +30 -type d -exec rm -rf {} \; > /dev/null

Install the Agent

The following is similar to Ben’s post.

sed -i '' 's/FreeBSD: { enabled: no/FreeBSD: { enabled: yes/g' /usr/local/etc/pkg/repos/{FreeBSD,pfSense}.conf
pkg update
pkg search wazuh-agent
pkg install wazuh-agent-*

Now Clean Pkgs

sed -i '' 's/FreeBSD: { enabled: yes/FreeBSD: { enabled: no/g' /usr/local/etc/pkg/repos/{FreeBSD,pfSense}.conf
pkg clean
pkg update
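
An added example (not from this post or Ben's): the enable, install, disable sequence from the two sections above as a POSIX sh helper that switches the FreeBSD repo back off even when the wrapped command fails. The function names and the REPO_DIR variable are assumptions; the file names and the "FreeBSD: { enabled: ..." line are the ones the sed commands above edit.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and REPO_DIR
# are assumptions; the two file names come from the sed commands above.
REPO_DIR="${REPO_DIR:-/usr/local/etc/pkg/repos}"

# Set the "FreeBSD: { enabled: ..." flag in both repo files ($1 = yes|no).
# Writes through a temp file instead of sed -i, whose syntax differs
# between BSD and GNU sed.
set_freebsd_repo() {
    case "$1" in yes|no) ;; *) echo "usage: set_freebsd_repo yes|no" >&2; return 2 ;; esac
    for f in "$REPO_DIR/FreeBSD.conf" "$REPO_DIR/pfSense.conf"; do
        [ -f "$f" ] || continue
        sed "s/FreeBSD: { enabled: [a-z]*/FreeBSD: { enabled: $1/" "$f" > "$f.tmp" &&
            cat "$f.tmp" > "$f"    # overwrite in place: keeps owner and mode
        rm -f "$f.tmp"
    done
}

# Print "yes" if either file still has the FreeBSD repo enabled, else "no".
freebsd_repo_enabled() {
    if grep -qs 'FreeBSD: { enabled: yes' \
        "$REPO_DIR/FreeBSD.conf" "$REPO_DIR/pfSense.conf"; then
        echo yes
    else
        echo no
    fi
}

# Enable the repo, run the given command, disable the repo again and
# return the command's exit status. "|| status=$?" keeps a failing
# command from aborting the function under "set -e" before the restore.
with_freebsd_repo() {
    set_freebsd_repo yes || return
    status=0
    "$@" || status=$?
    set_freebsd_repo no
    [ "$(freebsd_repo_enabled)" = no ] || echo "FreeBSD repo still enabled" >&2
    return "$status"
}

# On the firewall (not executed by this block):
#   with_freebsd_repo sh -c 'pkg update && pkg install wazuh-agent-*'
#   pkg clean && pkg update
```

Running freebsd_repo_enabled on its own after any manual package work is a quick check that the FreeBSD repo was not left switched on.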

Troubleshooting

Package Manager No Longer Works

If the package manager no longer works after your Wazuh Agent install, you can try the following. In my case, I needed to downgrade pkg before it would work.

pkg-static clean -ay
pkg-static install -fy pkg pfSense-repo pfSense-upgrade