Event centralization is a must-have in your security policy. Keeping your logs in one central place has many advantages:
- Reduced resource usage on the source device (mostly disk)
- No need to take care of local logs: logs contain critical data and must be secured.
- If a host is compromised, the logs are still available (hackers don’t like to leave traces of their actions and try to delete as many of the logs as possible)
- Centralized logs can be post-processed for further analysis (log normalization and correlation).