A timely post by the Internet Storm Center.
I'm working on collecting logs at home and for the church. Ultimately, at the church I want to set up something like Security Onion, but I need to start somewhere with incident response. To that end, I want to aggregate logs.
The ISC post has great ideas and potential tools for capturing logs.