I just gave a presentation at CPLUG on Syslog and Swatch. Having managed to successfully put an audience member to sleep during it (that's a first; it was a 50 minute talk), I doubt this will get much use. Regardless, I posted the presentation [PDF|ODP] and swatch/syslog-ng configs. Basically, use syslog, then reduce and evaluate them often, as people frequently underuse logs. I note that most people still don't do backups for similar reasons, i.e. because humans suck at repetitive tasks.

You want logging or backups? You have to automate it as much as possible or you just won't do it.