Our security tip #9 in this Christmas calendar is to set up a separate log host. You should aim to have separate log hosts that your servers ship logs to. The reason for this is that in case your system is compromised, the attacker might edit or delete logs, but with a separate log host you don’t need to worry about that as the log host is separate from the other servers. The log host also gives you a very good interface for log management, as you will be able to scan through the logs of all your servers from a web url.
At Basefarm we use different tools for managing logs. If you are interested to learn more about one of the tools, we have a guide on our blog that explains how to set up LogStash.