This fun post from AndyIT blog jumps from "staying fresh" to logs and reaches this curious observation: "How many times have you or someone you know spent a day or two prior to an audit "falsifying" log reports. Going through and checking off that they were checked when they haven't been looked at in days, weeks or months."
And my thought of this is: is this the result of people dumbly substituting "compliance" for "security"? Or something else? After all, reviewing logs is required not because "auditors are evil", but because it is genuinely useful, so why fake it (I am guessing due to radical time crunch or due to mammoth scale and boring nature of this task - when lacking the right tools)?