I will, I will :-)
But for now, here is some fun log-related stuff, in one enjoyable pile:
- Logs and security (clouded) by BeastOrBudda. Good content on tracking activities through various logs, plus a HOT video link (here).
- Is It Better To Leave Some Logs Behind? (full text) Good discussion on whether "collect everything" (every log) is the right strategy in all cases. Sadly, yes: some logs are so poorly done (Solaris BSM anyone? :-) [some of the logs there are worth dumping...]) that they are truly useless for most conceivable purposes and can be thrown away with no loss of useful information whatsoever.
- "Description of security events in Windows Vista and in Windows Server 2008" - read it if you are into that sort of thing :-)