We are receiving our firewall and switch logs via syslog on a central server. There are lots of tools out there to receive them and also those to read and filter them. Our budget is very limited (under $1K) and we have multiple sites to grab them from.
We were thinking of going with Kiwi from SolarWinds for receiving them. I liked Splunk, but the cost is very high compared to Kiwi.
Is there a tool people recommend for both filtering through the logs easily and getting alerts? We are a Windows shop exclusively. Anyone have any special preference over Kiwi for a limited budget?