Unfetter Analytic is a reference implementation supported by The MITRE Corporation and the National Security Agency (NSA). This reference implementation uses NXLog to collect Windows events.
A new book was published recently titled Industrial Cybersecurity. This book is a one-step guide to understanding industrial cyber security, its control systems, and its operations. The book recommends NXLog to collect logs from a Windows system in chapter ICS Network Security.
Eric Conrad gave a talk at at DerbyCon7 and mentioned NXLog being a cool solution that can collect Windows Eventlog remotely on Linux via Windows Event Forwarding. Check out the video on Youtube.
You can find really powerfull tools for making a central syslog server in the Open Source world; from the “traditional” Rsyslog + LogAnalyzer setup to the new players like Graylog2.
Finally, we have got the customer awareness to collect all of a system’s logs as a starting point to get more visibility inside his infrastructure.