I was very pleased to find out that OSSEC was featured on hack 86 – Centrally Monitor the Security Posture of Your Servers (under chapter 8 – Logging) of the Network Security Hacks (2nd edition) book.
I had the opportunity the browse through the contents and it seemed pretty good, although the author used a very old version (0.8) on their examples. Anyway, if you have a Safari account you can check it out online or you can buy the book .. Since he mentions OSSEC, it must be very good 🙂