This document discusses event log monitoring strategies for complying with PCI DSS requirements. It recommends centralizing logging using syslog to collect Windows, Unix, and application logs. A security information and event management (SIEM) system can then parse, analyze, and alert on logs to meet review requirements. A three-phase approach is outlined: 1) gather all logs centrally, 2) profile normal activity to filter alerts, 3) focus on correlated high-priority security events. Central log storage with file integrity monitoring ensures logs cannot be altered, as required.
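
The sketch below illustrates phase 2 (profiling normal activity so that only unprofiled events reach a reviewer). It is an added example, not code from the document being summarized; the function names, the `min_seen` threshold, the masking rules and the sample syslog lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# RFC 3164-style line: "<PRI>Mon dd hh:mm:ss host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# Constructed sample data: a baseline window and one day under review.
BASELINE = [
    "<86>Mar  3 02:00:01 web01 CRON[4120]: session opened for user backup",
    "<86>Mar  4 02:00:01 web01 CRON[5533]: session opened for user backup",
    "<38>Mar  3 09:12:44 web01 sshd[811]: Accepted publickey for deploy from 10.0.4.17 port 50122",
    "<38>Mar  4 09:15:02 web01 sshd[932]: Accepted publickey for deploy from 10.0.4.17 port 50931",
]
TODAY = [
    "<86>Mar  5 02:00:01 web01 CRON[6001]: session opened for user backup",
    "<38>Mar  5 09:11:10 web01 sshd[1201]: Accepted publickey for deploy from 10.0.4.22 port 41022",
    "<34>Mar  5 03:41:09 web01 sshd[1188]: Failed password for root from 203.0.113.9 port 40022",
    "garbage line",
]

def parse(line):
    """Return (host, program, severity, message), or None if the line is malformed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return m["host"], m["prog"], int(m["pri"]) % 8, m["msg"]  # PRI = facility*8 + severity

def template(msg):
    """Mask variable fields (IPs, numbers) so recurring messages share one profile key."""
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", msg)
    return re.sub(r"\d+", "<n>", msg)

def build_profile(lines):
    """Count (host, program, template) keys seen during the baseline window."""
    return Counter((h, p, template(m)) for h, p, _, m in filter(None, map(parse, lines)))

def unprofiled(profile, lines, min_seen=2):
    """Return events whose key appeared fewer than min_seen times in the baseline."""
    out = []
    for line in lines:
        ev = parse(line) or ("?", "?", 0, line)  # unparseable lines are kept, never dropped
        if profile[(ev[0], ev[1], template(ev[3]))] < min_seen:
            out.append(ev)
    return out
```

Masking the source IP is a tuning choice: it suppresses the routine `deploy` login from a new address, so an environment that treats a new source as significant would keep the address in the profile key.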