For security logs, we use MARS, which has a number of problems including usability, compatibility, and a future with Cisco. logwatch emails us, which is good for 3 servers but not 150. Ruby and Expect scripts manage configs here and there.
We’re looking for a more elegant solution.
Splunk appears to be a nice log aggregator and parser.
Satellite, Chef, and Puppet appear to be nice configuration managers.
We use mars as well, It does have issues scaling, processing and the treatment of false positives is lacking.
It would be nice to have something be able to do some log processing, and allow for easy filtering of event classes before analysis