Communication between agents and the OSSEC server generally occurs on port 1514/udp in secure mode. If using the syslog mode for ossec-remoted, then port 514 is the default (both UDP and TCP are supported). These ports are configurable in the remote section of the ossec.conf
The secure connection method is generally preferred over syslog. Also, an outside syslog daemon (like rsyslog or syslog-ng) may be used instead of the syslog support in ossec-remoted.