If you look around AO you'll see HOWTOs on IDSs and firewalls, tarpits, and honeynets. But I think there is something very integral that is missing here. So here's a little story.

So I come in today to gigs of syslog messages, the IDS event log messages, firewall messages, tarpit messages, etc. etc. etc. The list can go on and on.

My new task is to get all of these separate logging mechanisms together so I can correlate the information into a digestible form. In other words I have information overload. See here.

I know of people who do it manually, some try to automate the tasks with scripts, and still others that regularly ignore it all. How do you handle the plethora of security information at your work? Any and all recommendations are appreciated.
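One way to start on the correlation problem described above, as an added example that is not from the original post or any AO HOWTO: it normalizes constructed lines from the four sources the post names (syslog, firewall, IDS, tarpit) into one record shape, then flags a remote address that turns up in two or more of them within a short window. The line formats, the assumed year and all addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample lines (not real captures), shaped loosely like syslog, an iptables kernel
# log, a Snort-style fast alert and a tarpit log. Addresses are documentation ranges.
RAW = [
    ("syslog", "Mar 10 02:14:07 bastion sshd[2211]: Failed password for root from 203.0.113.9 port 51234 ssh2"),
    ("firewall", "Mar 10 02:14:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 PROTO=TCP DPT=445"),
    ("ids", "03/10-02:14:11.000000 [**] [1:1000001:1] Constructed SSH scan rule [**] {TCP} 203.0.113.9:51240 -> 198.51.100.5:22"),
    ("tarpit", "Mar 10 02:14:30 tarpit labrea: Responded to 203.0.113.9 -> 198.51.100.77:80"),
    ("syslog", "Mar 10 02:20:00 bastion sshd[2301]: Accepted publickey for alice from 192.0.2.44 port 40012 ssh2"),
]
YEAR = 2024  # syslog-style timestamps carry no year; assume one so events sort correctly
SYSLOG_TS = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)")
SNORT_TS = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d)")
SRC_IP = {  # one extractor per source: each format names the remote address differently
    "syslog": re.compile(r"from (\d+\.\d+\.\d+\.\d+)"),
    "firewall": re.compile(r"SRC=(\d+\.\d+\.\d+\.\d+)"),
    "ids": re.compile(r"\} (\d+\.\d+\.\d+\.\d+):\d+ ->"),
    "tarpit": re.compile(r"to (\d+\.\d+\.\d+\.\d+)"),
}

def normalize(source, line):
    """Map one raw line onto a common record: timestamp, source, remote IP, original text."""
    m = SNORT_TS.match(line) if source == "ids" else SYSLOG_TS.match(line)
    if not m:
        return None  # unparseable line: dropped here, would be counted in a real pipeline
    fmt = "%Y %m/%d-%H:%M:%S" if source == "ids" else "%Y %b %d %H:%M:%S"
    ts = datetime.strptime(f"{YEAR} {m.group(1)}", fmt)
    ip = SRC_IP[source].search(line)
    return {"ts": ts, "source": source, "src_ip": ip.group(1) if ip else None, "msg": line}

def correlate(records, window_minutes=15, min_sources=2):
    """Return {ip: sources} for remote IPs seen by >= min_sources log sources within the window."""
    by_ip = defaultdict(list)
    for r in records:
        if r and r["src_ip"]:
            by_ip[r["src_ip"]].append(r)
    hits = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(recs):  # sliding window anchored at each event in turn
            seen = {r["source"] for r in recs[i:] if (r["ts"] - first["ts"]).total_seconds() <= window_minutes * 60}
            if len(seen) >= min_sources:
                hits[ip] = sorted(seen)
                break
    return hits
```

Running `correlate([normalize(s, l) for s, l in RAW])` flags only 203.0.113.9 (seen by all four sources); the single benign login from 192.0.2.44 never crosses the two-source threshold.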