If you are having issues with ossec, the first thing to do is look at your logs.
What is OSSEC
OSSEC is open source host-based intrusion detection system, which is necessary if we want to detect host-based attacks on our computer.
How to find problems
Unix/Linux: The logs will be in /var/ossec/logs/ossec.log
Windows: The logs are at C: Program Filesossec-agentossec.log.
If by looking at them, you can’t find out the problem, we recommend you to write an e-mail to one of our mailing groups with the following information:
OSSEC version number.
Run the following to receive the version installation.
Content of /etc/ossec-init.conf
Content of /var/ossec/etc/ossec.conf or (or C:Program Filesossec-agentossec.log if Windows) (or C:Program Filesossec-agentossec.log if Windows)
Content of /var/ossec/logs/ossec.log
Operating system name/version (uname -a if Unix) (uname -a if Unix)
Any additional necessary information.