Last month I did a presentation about OSSEC for the Ottawa security group and showed some custom rules that I have been using for a while (to monitor MSN usage, internal http user agents, etc). The core of the presentation starts at slide 11, if you want to skip through the definitions of HIDS, OSSEC, etc.
For a list of features in the version 1.6, please visit: OSSEC v1.6 released.
For a list of issues that were solved, visit the Changelog.
Download it from: http://www.ossec.net/main/downloads .