InfoWorld May 22, 2012 May 21, 2012,
Volume 171, Issue 4
"Most companies' log files carry too much noise. For a better log management system, turn the normal model on its head ...
When it comes to log management, most administrators follow the traditional route of generating all possible events that might need to be captured, then choosing which events should create actionable alerts. The centralized log management system then picks up, centralizes, and correlates these entries. The result is information overload, much akin to the log entries generated by the average firewall..."