Security Basics mailing list archives

Security Events & Logs Management


From: henrys () onebox com
Date: Wed, 09 Mar 2005 18:02:41 -0500



My apologies if this is not the appropriate place to post this. I would like to get input from some experts on this list 
on their experiences with SEM (Security Event Management) vendors and their products. Ideally, our requirements are for 
a geographically dispersed enterprise network that contains Linux, Unix, Windows, Cisco routers and switches, PIX, 
Cisco VPN concentrators, Snort (IDS) and we also have a Nessus appliance running.

The network has an assortment of about 5000 devices with some critical application and database servers. I would like 
to have all logs from critical servers and security events aggregated and correlated to detect security-related issues.

I would also like to use this solution for log management, to store/archive logs for later analysis if needed for audits, 
forensics, etc. Are there vendors that do a good job of correlation and log management? What approaches have 
been used by others and what are some things I should watch out for?

Thanks for your inputs.

HS
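The kind of cross-source correlation the original poster is asking about, as an added example that is not part of the post or any vendor's product: a few constructed syslog-style lines (a Snort alert, a PIX deny, Linux sshd failures and a success, none of them real captures) are normalized to one event shape and a single rule fires when a source address that already produced IDS, firewall or authentication-failure events goes on to log a successful login within a short window. The year, the five-minute window, the regexes and the rule itself are assumptions made for this example; they are not the poster's requirements or any product's defaults.

```python
"""Toy cross-source correlation over constructed syslog-style lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_YEAR = 2005                 # assumption: BSD syslog lines carry no year
WINDOW = timedelta(minutes=5)   # assumption: how far back a precursor still counts

# Constructed sample lines, not real device output.
SAMPLE_LOGS = [
    "Mar  9 18:01:02 ids1 snort[2231]: [1:2003:8] SCAN nmap TCP {TCP} 203.0.113.7:44121 -> 192.0.2.10:22",
    "Mar  9 18:01:05 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/44130 dst inside:192.0.2.10/23 by access-group \"outside_in\"",
    "Mar  9 18:01:40 db1 sshd[4410]: Failed password for root from 203.0.113.7 port 44200 ssh2",
    "Mar  9 18:02:10 db1 sshd[4412]: Accepted password for root from 203.0.113.7 port 44211 ssh2",
    "Mar  9 18:05:00 web1 sshd[900]: Accepted publickey for deploy from 198.51.100.5 port 51000 ssh2",
]

# "<Mon> <day> <HH:MM:SS> <host> <message>"
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
IP = r"\d+\.\d+\.\d+\.\d+"

# Per-source extractors; each yields the attacking/source address as "src".
PATTERNS = [
    ("ids_alert",    re.compile(r"snort\[\d+\]: .*?(?P<src>" + IP + r"):\d+ ->")),
    ("fw_deny",      re.compile(r"%PIX-\d-106\d+: Deny .* src \w+:(?P<src>" + IP + r")/\d+")),
    ("auth_fail",    re.compile(r"sshd\[\d+\]: Failed \w+ for (?P<user>\S+) from (?P<src>" + IP + r")")),
    ("auth_success", re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>" + IP + r")")),
]


def parse(line):
    """Normalize one raw line to a dict, or None if it is not a line we understand."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m.group(1)} {LOG_YEAR}", "%b %d %H:%M:%S %Y")
    host, msg = m.group(2), m.group(3)
    for kind, pat in PATTERNS:
        pm = pat.search(msg)
        if pm:
            d = pm.groupdict()
            return {"time": ts, "host": host, "kind": kind,
                    "src": d["src"], "user": d.get("user")}
    return None


def correlate(lines, window=WINDOW):
    """Fire when a successful login follows recent hostile activity from the same source."""
    events = [e for e in map(parse, lines) if e]
    events.sort(key=lambda e: e["time"])      # sort: feeds do not arrive in order
    history = defaultdict(list)               # src -> earlier events from that src
    findings = []
    for e in events:
        seen = history[e["src"]]
        if e["kind"] == "auth_success":
            precursors = sorted({h["kind"] for h in seen
                                 if h["kind"] in ("ids_alert", "fw_deny", "auth_fail")
                                 and e["time"] - h["time"] <= window})
            if precursors:
                findings.append({"time": e["time"], "host": e["host"], "user": e["user"],
                                 "src": e["src"], "precursors": precursors})
        seen.append(e)
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOGS):
        print(f"{f['time']} {f['src']} -> {f['user']}@{f['host']} after {', '.join(f['precursors'])}")
```

The part that bites in a real deployment is the normalization, not the rule: BSD syslog lines carry no year and no time zone, so a dispersed estate needs NTP on every sender and a consistent zone before any time window means anything, and the 5000-device scale in the post argues for doing this once at the collector rather than in every rule. Note also that the forensic copy and the correlation copy have different needs: correlation wants parsed, deduplicated events, while audits and forensics want the raw lines as received, so keep the raw archive regardless of what the correlation engine discards.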

