During the month of May, Daniel Cid went to AusCERT and Confidence to talk about OSSEC (i.e. Log analysis using OSSEC). In both presentations he mentioned LIDS (log-based intrusion detection) and provided an overview of the OSSEC architecture and how to write decoders and rules.
If you want to learn a bit more about OSSEC, take a look at them.
Note that both presentations are very similar, but AusCERT’s is a bit more organized, so it is recommended to read it first.

