swatch vs. logwatch (vs. syslog-ng? something?)

Dave Burns tburns at hawaii.edu
Sat Nov 3 07:48:59 UTC 2007


What do you guys use to make sure that evil log messages get noticed quickly?

I've been trying to set up swatch. There is an rpm to install the
binary, but it does not provide a default config file or set up swatch
as a service in chkconfig. So I am doing it myself, no problem. But I
keep googling for various things, and if I include 'fedora' in the
search terms I don't get much, as if no one used it. Swatch has been
around a long time, so if anyone used it I think there would be a lot
more information available and stuff ready to go.

The basic capability I am looking for is a daemon that tails one (or
more) log files, greps out stuff that is boring, and immediately sends
me an email about the interesting stuff. Especially stuff that I've
never seen before and therefore don't have a nice regular expression
for other than /./. Swatch seems aimed right at this sort of problem.

Logwatch is similar, but by default is set up to run once a day, and
includes a lot of stuff by default that I consider dull, and even the
stuff that I consider interesting is formatted in a way that makes me
have to think too much before knowing "everything's cool" or "oh
fudge!" Is there an easy way to make it more event driven and grep out
all the boilerplate? Do you leave logwatch's setup alone, turn it off,
or tweak it?

I know nothing about syslog-ng, other than it handles centralized
logging over TCP, maybe it can do something like this, grep out the
noise and email the signal? Any other options?

My feeling is that I should only have to look at logs when I am
looking for error messages related to some problem I am having, that
the sort of bad news that shows up in a log file unexpectedly should
come chasing after me (via email) instead of waiting for me to come
take a look at the logs, something I am always tempted to put off for
'later'.

Thanks,
Dave
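One way to get the behaviour described in the post (drop the known noise, alert immediately on known-bad patterns, and flag any message shape that has never been seen before) as a small swatch-style filter. This is an added Python example, not swatch's own code and not part of the original message; the syslog sample lines and the ALERT/IGNORE pattern lists are constructed for illustration.

```python
import re
import sys

# Constructed sample syslog lines (not from the original post).
SAMPLE = [
    "Nov  3 07:48:01 host CRON[4123]: (root) CMD (run-parts /etc/cron.hourly)",
    "Nov  3 07:48:05 host sshd[4130]: Accepted publickey for dave from 10.0.0.5 port 52214 ssh2",
    "Nov  3 07:48:09 host sshd[4131]: pam_unix(sshd:auth): authentication failure; rhost=10.0.0.9 user=root",
    "Nov  3 07:48:12 host sshd[4130]: Received disconnect from 10.0.0.5 port 52214:11: disconnected by user",
    "Nov  3 07:51:40 host sshd[4150]: Received disconnect from 10.0.0.7 port 49021:11: disconnected by user",
    "Nov  3 07:52:00 host smartd[1020]: Device: /dev/sda, 3 Currently unreadable (pending) sectors",
]

# Always-alert patterns are checked first so that an ignore rule can never hide them.
ALERT = [re.compile(p) for p in (r"authentication failure", r"segfault", r"Oops")]
# Known noise (constructed list): dropped without further inspection.
IGNORE = [re.compile(p) for p in (r"CRON\[\d+\]: \(root\) CMD",
                                   r"sshd\[\d+\]: Accepted publickey for \w+")]

def normalize(line):
    """Reduce a syslog line to its 'shape' so the same message with a different
    timestamp, PID, address or counter value is recognised as already seen."""
    line = re.sub(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ ", "", line)  # syslog prefix
    line = re.sub(r"\[\d+\]", "[PID]", line)
    line = re.sub(r"0x[0-9a-fA-F]+", "HEX", line)
    return re.sub(r"\d+(\.\d+)*", "N", line)

def classify(line, seen):
    """Return 'alert', 'ignore', 'known' or 'novel'; 'seen' is updated in place."""
    if any(p.search(line) for p in ALERT):
        return "alert"
    if any(p.search(line) for p in IGNORE):
        return "ignore"
    shape = normalize(line)
    if shape in seen:
        return "known"
    seen.add(shape)
    return "novel"

def triage(lines, seen=None):
    """Classify every line; returns [(category, line), ...] in input order."""
    seen = set() if seen is None else seen
    return [(classify(l, seen), l) for l in lines]

def report(results):
    """Body of the notification mail: only what needs a human's attention."""
    return "\n".join(f"[{c.upper()}] {l}" for c, l in results if c in ("alert", "novel"))

if __name__ == "__main__":
    # Feed live data with: tail -F /var/log/messages | python3 triage.py
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE
    print(report(triage(line.rstrip("\n") for line in src)))
```

The `seen` set is in-memory only, so every restart re-reports each message shape once; persisting it to disk is the obvious next step before handing the output to a mail command.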
