So here are the day 2 blog posts:
2WoO Day 2: Abusing OSSEC by Michael Starks
WoO Day 2 : In The Beginning ... by Jason Frisvold
This Blog is Monitored by OSSEC by Xavier Mertens
Ossec – Architecture and Implementation – Best practices ? by K4l4m4r1s
Ossec Server Install on my Ubuntu machine by K4l4m4r1s
Deploying OSSEC for Windows with Bigfix by Shawn Jefferson (a recent convert to OSSEC)
And the self promoting link: Rule 1002 - Just a quick note about Rule 1002, kind of a prelude for another couple of posts.
mstarks also started a thread on the mailing list asking for stories on how OSSEC saved the day or saved money. You can read it here. Feel free to join the list and contribute.
And a quick thanks to marc.info. I've used the site to read and look for archives on other lists for years now. Only recently did I realize the ossec-list was being mirrored there as well.
So there's day 2, what do you think of the posts?