Introduction
In today’s cybersecurity landscape, having a scalable, centralized, and reliable threat detection and monitoring system is critical. To address this need, you can deploy a Wazuh server cluster. Wazuh is an open-source security monitoring platform that combines SIEM, log analysis, intrusion detection, and vulnerability detection into a single unified solution.
Setting up a Wazuh server in a cluster provides high availability, improved performance, and simplified management in distributed environments.
In one of our earlier blogs, we covered the installation of the Wazuh Indexer, which is responsible for storing and indexing security data collected from agents. In this guide, we’ll focus on how to install the Wazuh Server in a cluster configuration — the core engine that receives data from agents, applies rules and decoders, and forwards enriched data to the indexer.
We will be using the official Wazuh installation script, reducing a complex deployment to a few steps.
Step 1: Download the Wazuh Installation Script
First, download the official Wazuh installation script:
curl -sO https://packages.wazuh.com/4.11/wazuh-install.sh
This script simplifies the deployment of Wazuh components including the manager, Filebeat, and required SSL certificates.
Step 2: Run the Installation Script
To install the Wazuh server component, run the script with the --wazuh-server option followed by the node name (e.g., wazuh-1):
bash wazuh-install.sh --wazuh-server wazuh-1
This command installs:
- Wazuh Manager – Core of the platform, managing agent data and rules.
- Filebeat – For forwarding logs to the Wazuh indexer.
- Configuration files and SSL certificates for secure communication.
Step 3: Verify the Installation
Check that the Wazuh Manager service is active:
systemctl status wazuh-manager
Also validate Filebeat’s output configuration by running the following command:
filebeat test output
If the output test completes successfully, you will see a result similar to the following:
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
A successful output test indicates that Filebeat has been properly configured and is successfully communicating with the Wazuh indexer.
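The same check can be scripted so that a deployment fails when the Filebeat-to-indexer link is not both reachable and TLS-verified. The following is an added example, not part of the original guide or of Wazuh's tooling; the names check_filebeat_output, need, SAMPLE_OK and SAMPLE_PLAINTEXT are hypothetical, and the second sample is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Reads `filebeat test output`
# text on stdin, prints one line per failed check, and returns the number
# of failed checks (0 = all passed). The body runs in a subshell, so its
# variables and the helper do not leak into the caller.
check_filebeat_output() (
  out=$(cat); fails=0
  need() {  # need <extended regex> <message when no line matches>
    printf '%s\n' "$out" | grep -Eq -- "$1" && return 0
    echo "FAIL: $2"; fails=$((fails + 1))
  }
  need '^elasticsearch: https://' 'output URL is not https'
  need 'certificate chain verification is enabled' 'chain verification not confirmed'
  need 'handshake\.\.\. OK' 'TLS handshake did not succeed'
  need 'talk to server\.\.\. OK' 'indexer did not answer'
  # Pull the negotiated protocol out of "TLS version: TLSv1.2" -> "1.2".
  ver=$(printf '%s\n' "$out" | sed -n 's/.*TLS version: TLSv\([0-9.]*\).*/\1/p' | head -n 1)
  case "$ver" in
    1.2|1.3) ;;
    *) echo "FAIL: TLS version '${ver:-none}' is missing or older than 1.2"
       fails=$((fails + 1)) ;;
  esac
  exit "$fails"  # leaves the subshell only; becomes the function's status
)

# The output shown in this guide, with its indentation restored.
SAMPLE_OK="elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2"

# Constructed, abbreviated sample: a plaintext HTTP output, so no TLS section.
SAMPLE_PLAINTEXT="elasticsearch: http://127.0.0.1:9200...
  parse url... OK
  talk to server... OK"

# On the server: filebeat test output 2>&1 | check_filebeat_output
```

The function only looks for the positive lines shown in this guide's output, so any output that lacks them counts as a failure.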
Conclusion
Installing a Wazuh server node in a clustered environment is a critical step toward building a scalable and secure infrastructure. By using the Wazuh installation script, much of the complexity is handled automatically — saving time and ensuring consistency. In future steps, you can expand this setup by adding additional manager nodes and connecting them with indexers and dashboards.