All remote options must be configured in the /var/ossec/etc/ossec.conf and used within the <ossec_config> tag.
XML excerpt to show location:
<ossec_config>
<remote>
<!--
remote options here
-->
</remote>
</ossec_config>
Specify the type of connection being enabled: secure or using syslog.
Default: secure
Allowed: secure/syslog
Specifies the port to listen for events.
Default:
Allowed: Any port number from 1 to 65535
Specifies the protocol to use for syslog events.
Default: udp
Allowed: udp or tcp
List of IP addresses that are allowed to send syslog messages to the server (one per element).
Allowed: Any IP address or network
Note
It is necessary to allow at least one IP address when using the syslog connection type.
List of IP addresses that are not allowed to send syslog messages to the server(one per element).
Allowed: Any IP address or network
Local ip address to listen for connections.
Default: all interfaces
Allowed: Any internal ip address
Local ipv6 address to listen for connections.
Default: None
Allowed: Any IPv6 address.
Note
This is not well tested. For the time being I recommend using the full IPv6 address instead of one of the many shortcuts.