We are a small shop IT department and it has been emphasized to us to monitor our syslogs. We do not have a lot of background in this. I have been playing with KIWI but the amount of logs to gather is overwhelming. We need some guidance or best practices for setting up a log server and what to focus on. We have firewalls, switches and multiple Windows servers. I can easily gather all the info but knowing what to focus in on is the hard part. Any guidance would be helpful. Out of all the documentation I have not found something like this or I don't know what to look for. Thanks!
Phillip