Splunk

Sunday, August 12, 2007 12:32:52 AM UTC
by Ray Zadjmool
Log management is one thing; making use of the logs is another. A couple of years ago I was doing an investigation for a client on about 4 gigs of logfiles from 3 webservers, a router, and an IDS. After that I was on a mission to find something that I can use to aid in post-event analysis and not overthink the process for me.