We have a collection of about 100 Windows 2003 and Windows 2008 R2 domain controllers that I would like to start capturing Event Log data from. Many of the servers are very busy and generate large volumes of events, particularly security events that we also want to capture.
We're currently using an enterprise/expensive monitoring solution that we're reasonably happy with for system uptime and performance statistics, but the event log monitoring component is not so good.
I'm hoping to find something quick and dirty for this purpose if possible.
Legacy Answer; Updates from the future below
If you already have some Linux/Unix machines in your environment and are comfortable with that format, I'd recommend using Syslog. There are a number of products that will forward your logs to a syslog server for you.
If you're just looking for log collection for legal/compliance reasons, anything will do, really.
Splunk is a fairly popular log tool (I think it's based on syslog) that can do a lot of reporting for you. If you want analytics built in, it's a good place to start evaluating. It has a limited free version, but you can pay to break out of those limitations.
You can also use Nagios to assist you with your Log Management, especially with some of the plugins and sidecar applications, but I'll warn that it's not trivial to set up.
UPDATE: If you're not afraid of scripting, there are a lot of examples of Logging Scripts at the Microsoft Script Center Repository. (Fulfilling the down-n-dirty requirement...)
UPDATE 2015: If you're not using Splunk, you should use ELK (ElasticSearch, Logstash, & Kibana) as your logging mechanism. While F/OSS like Syslog, it gives you so much more feature-wise. As far as shipping logs, you should use NXLog. It handles Windows Event Logs, and ships them as objects (viewable as JSON, which is how they're stored in ElasticSearch). While each log is slightly larger over the wire, you don't need to write long, painful, and brittle RegEx statements to parse the fields (like you do in order to make use of Syslog, or syslog-formatted logs sent to ELK).
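For the "not afraid of scripting" route in the answer above, here is an added example (my own, not a script from the Microsoft Script Center or from the answer's author) of a quick-and-dirty poller: it enumerates the domain controllers, pulls a handful of Security events from each over RPC, writes them to a CSV per run, and keeps a bookmark so repeat runs do not re-fetch the same events. It assumes PowerShell 3+ and the ActiveDirectory module on the admin box, that the running account is in the DCs' Event Log Readers group, and a hypothetical archive folder `C:\EventArchive`. `Get-WinEvent` can query 2008 R2 remotely but not 2003; for the 2003 boxes you would have to fall back to `Get-EventLog` and the older 5xx event IDs.

```powershell
# Added example, not from the thread: poll selected Security events from every DC.
# Assumed: PowerShell 3+, ActiveDirectory module, Event Log Readers rights on the DCs,
# hypothetical output folder C:\EventArchive.
$OutDir    = 'C:\EventArchive'
$StateFile = Join-Path $OutDir 'last-run.txt'
# Logon success/failure, user created, group membership changes, audit policy changed, log cleared
$EventIds  = 4624, 4625, 4720, 4728, 4732, 4719, 1102

if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }

# Bookmark: only fetch events newer than the last successful run (first run: last hour).
$since = if (Test-Path $StateFile) { [datetime](Get-Content $StateFile) } else { (Get-Date).AddHours(-1) }
$runStart = Get-Date

Import-Module ActiveDirectory
$dcs = (Get-ADDomainController -Filter *).HostName

$rows = foreach ($dc in $dcs) {
    try {
        Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
            LogName   = 'Security'
            Id        = $EventIds
            StartTime = $since
        } | ForEach-Object {
            # Flatten each event into a row; the XML keeps the per-event data fields intact
            [pscustomobject]@{
                Computer    = $_.MachineName
                TimeCreated = $_.TimeCreated.ToString('o')
                EventId     = $_.Id
                RecordId    = $_.RecordId
                Message     = $_.Message
                Xml         = $_.ToXml()
            }
        }
    } catch {
        # "No events found" is normal on a quiet server; anything else is worth seeing
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$dc : $($_.Exception.Message)"
        }
    }
}

$file = Join-Path $OutDir ("security-{0:yyyyMMdd-HHmmss}.csv" -f $runStart)
$rows | Export-Csv -Path $file -NoTypeInformation -Encoding UTF8
Write-Host ("{0} events from {1} DCs written to {2}" -f @($rows).Count, $dcs.Count, $file)

# Advance the bookmark only after the write succeeded, so a failed run is retried next time
$runStart.ToString('o') | Set-Content $StateFile
```

Schedule it every few minutes with Task Scheduler. The bookmark is written after the export, so a crash mid-run leads to duplicates on the next run rather than gaps, which is the right failure mode for an audit trail; dedupe on `Computer` + `RecordId` if that matters downstream.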
SCOM (System Center Operations Manager) or another enterprise tool just is it. Nothing else.
2008 R2 can forward events to another server out of the box, allowing central archiving, but that definitely rules out the 2003 servers.
You may want to give Splunk a try to collect and index all these events. Splunk provides a very efficient way of visualizing and correlating data from various inputs, including Windows Event Logs.
Quick and dirty, you say? Here you go:
http://www.logmeister.com/index.shtml
phpLogCon might help you here (although it's more about reading/browsing the logs than collecting them). I've only ever used it with rsyslog, but the documentation says:
(It would probably be worth looking into these tools.)