[lammbo]

The bottom line always comes down to what you're trying to do of course, but I'm running R65 Eventia Suite (analyzer and reporter).

There has been some discussion above regarding consolidation rates. I have seen my Analyzer server process over 30,000 logs per minute (that's the highest that I've seen, but I don't keep my eyes glued to the console all day either). Right now, as I type, I am processing about 2000 - 5000 logs per minute and the main office doesn't open for another hour. Consolidation rate on Eventia is not an issue that I've seen firsthand.

I use correlation for the following items to generate events:
FW-1 Logs
Cisco Syslog (switches and routers)
Windows Event logs

With the exception that the consolidation sessions like to stop when I push policy sometimes, I'd say that overall I'm happy with it. I do not have requirements to run any highly complex reports on a normal basis, but the few times I've needed to generate something, I was able to generate the appropriate information.