Modify Wazuh IP address via PowerShell

  • by

In this post, we will use our script to adjust Wazuh Managers’ IP address via PowerShell on our client machines. During my deployment of Wazuh, I ended up using the manager’s IP address instead of a load balancer to simplify deployment. I thought to myself, surely there is a way to update this in the future without hassle – I was wrong.

Script Use Case: You need to adjust the manager’s IP address for agents already deployed. Depending on your environment, you can adjust the Wazuh manager’s IP address via PowerShell script block or leverage SCCM/LANDesk to deploy the script throughout your environment.

Make sure to adjust the following:

# OSSEC CFG Path
$ossecpathcfg = 'C:\Program Files (x86)\ossec-agent\ossec.conf'

$newIP = '###.###.###.###'
$origProtocol = 'udp'
$newProtocol = 'tcp'

Entire Script:

# OSSEC CFG Path
$ossecpathcfg = 'C:\Program Files (x86)\ossec-agent\ossec.conf'

# IP Addresses
$newIP = '###.###.###.###'
$origProtocol = 'udp'
$newProtocol = 'tcp'

# Read file, change IP, and save
(Get-Content -path $ossecpathcfg -Raw) -replace "\d{1,}\.\d{1,}\.\d{1,}\.\d{1,}",$newIP | Set-Content -Path $ossecpathcfg

Start-Sleep -Seconds 2

# Read file, change IP, and save
(Get-Content -path $ossecpathcfg -Raw) -replace $origProtocol,$newProtocol | Set-Content -Path $ossecpathcfg

# Wait 5 seconds
Start-Sleep -Seconds 5

# Restart OSSEC Service
get-service -name OssecSvc | restart-service -force

In conclusion, deploy Wazuh worker and manager nodes behind a load balancer, and you won’t need this.