Logging...a subject that can be a pain but when troubleshooting is a requirement. I understand infosec's requirement for logging and I understand SARBOX and various other audit requirements for logging. On the other hand we also monitor log files for specific events elated to application health and system health. In some cases it is pretty simple and we just use the built in tools to pull off what we need.
In other cases there are some very chatty log files and trying to find the needle in the haystack is more the norm. Thus we are working on a hybrid solution so that infosec gets what they need and we get a smaller firehose to drink from by using a tool design specifically for this. Granted Kiwi is good but doesn't support some of the log file naming challenges we face. So we are using Splunk to pull the logfiles and sending it all to infosec while sending what we need our way. Thus we are putting only one agent on a system and everyone including the application support folks get a Win Win on being able to see things. We get reduced overhead but all the data aggregated in a way that everyone gets to see their slice of the pie.