While setting up a new ossec cluster I encountered the following error when trying to restart ossec on the client server using /var/ossec/bin/agent_control 001 :
ossec-execd(1103): ERROR: Unable to open file '/var/ossec/etc/shared/ar.conf'.
ossec-execd(1311): ERROR: Invalid command name 'restart-ossec0' provided.
The issue is a problem with ownership on the ar.conf file. By default ossec installs it with root:root permissions but it needs to be root:ossec.
#chown root:ossec /var/ossec/etc/shared/ar.conf