Log management implementation details

OK, I'm trying to get out of from a long hiatus of producing content by putting together a presentation about Log Management: the devil is on the details. I have been working in log management projects for some years by now and I noticed I managed to assemble a nice list of small issues that you find when working on those projects that will normally be responsible for 80% of the headaches. As I'm saying in the presentation, things that the vendors simply don't know how to solve, so they never talk about it :-)Some of the things I'm including there:

• Windows log collection: the options, the issues with them


• Credentials (user IDs) management when doing file transfers and connection to DBs


• Systems inventory (who are my log sources?)


• Privileges needed to collect logs (DBA rights to get logs???)


• Purging logs from the sources (who's gonna do it?)


• and some other stuff

So, if you have an interesting experience on implementing log management systems, please let me know those interesting "details" you had found during the process that caused you problems. It will be interesting to talk about the subject without going into the old "performance / parsing / reporting" discussions. Most of the vendors have figured out how to solve those problems. I want to talk about small things that hurt and still haven't been solved.Hope to get that ready for a TASK meeting or something like that. If I get enough feedback and input, it may grow up to a SecTor or similar submission.