Wazuh is an open-source SIEM (Security Information and Event Management) tool designed to help monitor and secure your infrastructure. It provides real-time threat detection, log analysis, file integrity monitoring, and compliance reporting, making it a powerful choice for IT security teams.
In this step-by-step guide, you’ll learn how to install Wazuh 4.12 on an Ubuntu 24.04 server using official scripts. This setup is ideal for production environments with performance and scalability in mind.
Recommended Server Specifications
To run Wazuh effectively, we recommend the following minimum specifications:
- CPU: 8-Core
- RAM: 16 GB
- Storage: 300–500 GB NVMe SSD
- OS: Ubuntu 24.04 LTS
- Network: 1 Gbps connection or higher
- Deployment Options: QUAPE, Bare Metal, AWS, GCP, DigitalOcean, VirtualBox, VMware
Step 1: Update System Packages
Start by updating your system packages to ensure everything is current and secure:
sudo apt update && sudo apt upgrade
Set the system timezone to ensure accurate logging and timestamps:
sudo dpkg-reconfigure tzdata
Step 2: Run the Wazuh Installation Script
Wazuh provides an official installation script that makes setup easy. Run the following command to start the installation process:
curl -sO https://packages.wazuh.com/4.12/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
Wazuh version 4.12 was released on May 7, 2025.
After installation, retrieve the auto-generated passwords using this command:
sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt
Step 3: Access the Wazuh Dashboard
Once installation is complete, open your browser and access the dashboard using your server’s IP:
https://your-server-ip
Log in using the credentials obtained from the previous step.
You should now see the Wazuh login interface where you can start exploring your dashboard.
Step 4: Deploy Wazuh Agent to Other Machines
To monitor additional systems:
- Go to your Wazuh Dashboard
- Click the three-dot menu (top right)
- Select Server Management > Endpoint Summary
- Click Deploy New Agent
Select the platform for your agent (Linux, macOS, or Windows) and copy the provided installation command.
Supported agent formats include:
- Linux (RPM/DEB for AMD64 and AARCH64)
- Windows (MSI 32/64 bit)
- macOS (Intel or Apple Silicon)
Fill in the server address, agent name, and group. Paste and run the command on your client machine to complete deployment.
Final Thoughts
Installing Wazuh SIEM is a crucial step in building a robust security monitoring system. It empowers teams to detect threats early and manage infrastructure more effectively.
For best performance and easier management, consider running Wazuh on a reliable and high-speed VPS. QUAPE HOSTING VPS is optimized for SIEM deployments like Wazuh, offering enterprise-grade performance, NVMe storage, and a stable 10 Gbps network, making it an excellent choice for businesses that prioritize uptime and security.
FAQ
What is Wazuh used for?
Wazuh is an open-source SIEM (Security Information and Event Management) solution. It is used to monitor servers and endpoints in real-time, detect intrusions, analyze logs, ensure compliance (PCI-DSS, HIPAA, GDPR), and strengthen your cybersecurity posture.
Can I install Wazuh on other Linux distributions?
Yes. While this tutorial uses Ubuntu 24.04 LTS, Wazuh also supports other major distributions such as CentOS, Debian, and Red Hat Enterprise Linux. You can find distribution-specific installation guides on the official Wazuh documentation.
Is Wazuh suitable for enterprise environments?
Absolutely. Wazuh scales well for enterprise environments, supporting thousands of agents. It integrates with tools like ELK Stack, Splunk, and cloud platforms including AWS and Azure.
What ports need to be open for Wazuh to work properly?
By default, Wazuh uses:
- Ports 1514/udp and 1515/tcp for agent communication
- TCP port 55000 for the Wazuh API
- Port 5601 for the web dashboard (Kibana)
Ensure these are open on your firewall for full functionality.
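To confirm what is actually reachable once these ports are opened, the following added example (not part of the original guide or of Wazuh's own tooling) classifies each port by how it is bound, reading `ss -H -tuln` output. The helper name `wazuh_port_exposure`, the sample lines, and the inclusion of 443 (implied by the `https://your-server-ip` URL in Step 3) are assumptions.

```sh
#!/bin/sh
# Added example: classify how each Wazuh port is exposed, from `ss -H -tuln` output.

# Ports as listed on this page: the FAQ list, plus 443 because Step 3 browses to
# https://your-server-ip with no port. Adjust to match your deployment.
WAZUH_PORTS="1514/udp 1515/tcp 55000/tcp 5601/tcp 443/tcp"

# wazuh_port_exposure (hypothetical helper name)
# stdin : output of `ss -H -tuln`
# stdout: one "port/proto exposure" line per entry in $1 (default: WAZUH_PORTS)
wazuh_port_exposure() {
    awk -v want="${1:-$WAZUH_PORTS}" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) rank[w[i]] = 0
            label[0] = "not-listening"; label[1] = "loopback-only"
            label[2] = "specific-address"; label[3] = "all-interfaces"
        }
        NF >= 5 {
            port = $5; sub(/.*:/, "", port)        # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
            key = port "/" $1
            if (!(key in rank)) next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") r = 3
            else if (addr ~ /^127\./ || addr == "[::1]") r = 1
            else r = 2
            if (r > rank[key]) rank[key] = r       # keep the widest binding seen
        }
        END { for (i = 1; i <= n; i++) print w[i], label[rank[w[i]]] }
    '
}

# Constructed sample of `ss -H -tuln` output (not captured from a real server).
SAMPLE_SS='udp   UNCONN 0 0    0.0.0.0:1514    0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:1515    0.0.0.0:*
tcp   LISTEN 0 128  127.0.0.1:55000 0.0.0.0:*
tcp   LISTEN 0 511  *:443           *:*
tcp   LISTEN 0 4096 10.0.0.5:9200   0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | wazuh_port_exposure
# On the server itself: sudo ss -H -tuln | wazuh_port_exposure
```

Any port reported as `all-interfaces` is reachable from every network the firewall allows, so pair this check with source-restricted firewall rules for the agent and admin networks.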
Where are Wazuh logs stored?
Wazuh logs are typically stored in /var/ossec/logs. You can find logs for alerts, installation, agent connections, and system events in that directory.
Is Quape VPS compatible with Wazuh?
Yes. In fact, QUAPE VPS is highly recommended for deploying Wazuh due to its optimized NVMe storage, high-speed 10 Gbps connection, and scalable resources. It ensures fast indexing and seamless dashboard performance, especially in high-log environments.