Commands to deactivate and reactivate wazuh agent via CLI Windows
29 views
Skip to first unread message
Johny Novent
Dec 4, 2025, 3:29:39 PM (2 days ago) Dec 4
to Wazuh | Mailing List
Hi wazuh community
Recently I tried to create a script in python that deactivate and reactivate the wazuh agent remotely
I tried the command sc start WazuhSvc and sc stop WazuhSvc
the stop command works fine and the agent is stopped
but the command stop I think kills the process and when I tried to reactivate manually in Windows i got this error
I tried to use the same sc start command but it doesn't work
there are another different commands to use to stop and start the wazuh agent remotely via CLI in Windows ???
Olamilekan Abdullateef Ajani
Dec 5, 2025, 11:57:31 AM (2 days ago) Dec 5
to Wazuh | Mailing List
Hello,
"Recently I tried to create a script in python that deactivate and reactivate the wazuh agent remotely" I would like more information around this and this idea behind the use case. You also mentioned a service that can be stopped and restarted. That command stops the Wazuh service and can also be used to start it so when you try to deactivate, what exactly is your script doing?
"Recently I tried to create a script in python that deactivate and reactivate the wazuh agent remotely" I would like more information around this and this idea behind the use case. You also mentioned a service that can be stopped and restarted. That command stops the Wazuh service and can also be used to start it so when you try to deactivate, what exactly is your script doing?
That being said, the error you encountered indicates that there is a misconfiguration in your Wazuh agent's ossec.conf file located at: "C:\Program Files (x86)\ossec-agent\ossec.conf" You may want to review that file and ensure XML format is correct (no missing </tag>)
Try to start and stop the agent normally without the script and verify the operation.
sc stop WazuhSvc
sc start WazuhSvc
sc start WazuhSvc
OR with PowerShell:
Stop-Service -Name WazuhSvc
Start-Service -Name WazuhSvc
Start-Service -Name WazuhSvc
For further diagnosis, you may share the ossec.log file from the agent, redacting any sensitive information: C:\Program Files (x86)\ossec-agent\ossec.log
Please let me know what you find.
Johny Novent
Dec 5, 2025, 8:12:48 PM (2 days ago) Dec 5
to Wazuh | Mailing List
Hi
Olamilekan Abdullateef Ajani
thank you so much for your answer today I tried uninstall wazuh and reinstalled again and it works when I used the command
sc stop WazuhSvc
sc start WazuhSvc
sc start WazuhSvc
the stop and start command works inside the machine from the terminal but if I want to restart remotely from another machine how I can get that?
I need to restart manually the agent because when I tried to restart remotely this is not possible because the agent is offline so I need another way to restart from another machine
Reply all
Reply to author
Forward
0 new messages