Got KIWI Syslog running and playing with action filters. Anyone here in a similar situation with figuring out a working filter set or building one that attempts to meet PCI DSS 2 (credit card company) requirements for the 'review logs daily' portion? More expensive 'paid for LEMs' have pre-built correlations so you know you're parsing what's 'expected' by reqs.
Thanks, Doug