If you are having issues with ossec, the first thing to do is look at your logs.

What is OSSEC

OSSEC is open source host-based intrusion detection system, which is necessary if we want to detect host-based attacks on our computer.

How to find problems

Unix/Linux: The logs will be in /var/ossec/logs/ossec.log

Windows: The logs are at C: Program Filesossec-agentossec.log.

If by looking at them, you can’t find out the problem, we recommend you to write an e-mail to one of our mailing groups with the following information:

OSSEC version number.

Run the following to receive the version installation.

/var/ossec/bin/ossec-analysisd -V

Content of /etc/ossec-init.conf

Content of /var/ossec/etc/ossec.conf or (or C:Program Filesossec-agentossec.log if Windows) (or C:Program Filesossec-agentossec.log if Windows)

Content of /var/ossec/logs/ossec.log

Operating system name/version (uname -a if Unix) (uname -a if Unix)

Any additional necessary information.