Andrew Storms from ncircle posted an interesting review of ossec in his blog (also at the ncircle main blog):
OSSEC is an open source host based intrusion detection system. The website states, “It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response.” That is a mouthful.
Check it out: here.