I may be out of my league here, but I can't pass this up. I am not a computer security guy (yet), but I do analysis on lots and lots (gigs) of logs. Not system logs, but huge text files that come in many different delimited and fixed-width formats. When it comes to doing things your own way with data manipulation, you can't beat a database. Once you have all of the tables, import/export scripts (or macros), and queries done, it is a snap. You can suck all the data in, and once it is neatly in place you can make the DB tell you anything you want to know based on the criteria of any variable contained in the original logs.

It can look for anomalies, links, patterns, etc. Anything you want. And once you get the info you're looking for, you can turn it into a chart, a graph, a spreadsheet, etc. Again, anything you want.

MySQL is an enterprise-level open source database that can do CL stuff and has an available GUI. Maybe this will help, maybe not, but it sounded like a pretty good solution to your problem.