We've been using a SIEM product for a number of years.  It's called EventTracker and it is horrible IMHO.  I'm in the process of looking for a replacement.  My boss isn't big on anything open-source, but he's also not big on BIG expense.  I'm the one that has to monitor/install/manage this thing, so I'd love something that can aggregate any kind of logs from VMware as well.  Right now, we don't do any kind of log collecting from VMware.  We have two, three host vSphere 5 clusters connected via SRM5.

So, I'm wondering is there any log collecting/correlation software out there that grabs from VMware?  Who likes what and why?  In the past, I've looked at offereings from Intersect Alliance, GFI, and Splunk, but cost always kept me from pushing it.  That and there are more important things than worrying about where my logs are going.  Well, we didn't renew our maintenance and this is running on a 2003 Server VM that'd I'd like to take down, so it's starting to become kind of important now.  Something like Splunk would be the holy grail, but I'm wanting cheaper and also want to know what other options are out there.  What's the community doing?  Thanks!