I think we need more info!
Do any errors appear in ossec.log?
My ossec.log is in /usr/local/ossec-hids/logs
When I've had configuration errors popup, ossec writes some pretty detailed stuff. For example:
2019/05/05 18:42:53 ossec-monitord(1230): ERROR: Invalid element in the configuration: 'smtp_server'.
2019/05/05 18:42:53 ossec-monitord(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
2019/05/05 18:42:53 ossec-monitord(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
2019/05/06 00:55:50 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Element 'rule_id="100400"' not clo
sed. (line 392).
2019/05/06 00:55:50 ossec-testrule(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
2019/05/16 14:17:32 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Attribute 'disabled' has no value.
(line 275).
2019/05/16 14:17:32 ossec-testrule(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
and so on...
check the log...or post it to the list. Let's dig into it!