Log management covers collection, normalization, aggregation, storage, and analysis of logs from all systems. Centralized logging (SIEM) is critical: logs that exist only on the originating host can be wiped by an attacker who compromises it, and stay siloed where nobody correlates them.
Log management requirements: syslog for transport, a SIEM for analysis, hot/warm/cold storage tiers for retention, and tamper-evident storage. Without centralized logging, incident investigations fail for lack of evidence. Spending more of the security budget on the SIEM than on almost any other control is typically justified.
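Two of the steps above, normalization of syslog input and tamper-evident storage, are concrete enough to show in code. The following is an added example, not code from the original notes or from any particular SIEM product: it parses RFC 3164 and RFC 5424 syslog lines into one record shape and appends each record to a hash chain in which every entry commits to the previous entry's digest, so an in-place edit or a deleted record breaks verification. The sample log lines are constructed for the example, and the in-memory chain is a stand-in for the append-only or WORM store a real deployment would use.

```python
"""Syslog normalization plus a hash-chained, tamper-evident log store.

Added example (not from the original notes). Parses RFC 3164 and RFC 5424
syslog lines into one normalized record, then appends each record to a chain
where every entry's hash covers the previous hash and the record itself.
"""
import hashlib
import json
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$"
)
# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)

# Constructed sample input: one RFC 5424 line, one RFC 3164 line, one junk line.
SAMPLE_LINES = [
    "<34>1 2024-05-01T12:00:00Z web01 sshd 1201 - - "
    "Failed password for root from 203.0.113.5 port 4022 ssh2",
    "<86>May  1 12:00:01 web01 sudo[1310]: alice : TTY=pts/0 ; COMMAND=/bin/ls",
    "this is not syslog",
]


def normalize(line):
    """Return one normalized dict for a syslog line, or None if it does not parse."""
    m = RFC5424.match(line) or RFC3164.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility * 8 + severity; 23 * 8 + 7 = 191 is the maximum
        return None
    d = m.groupdict()
    return {
        "timestamp": d["ts"],
        "host": d["host"],
        "app": d["app"],
        "pid": None if d.get("pid") in (None, "-") else d["pid"],
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "message": d["msg"],
    }


GENESIS = "0" * 64  # fixed anchor for the first entry's "previous hash"


class TamperEvidentLog:
    """Append-only chain: entry i's hash covers entry i-1's hash and record i."""

    def __init__(self):
        self.entries = []  # each entry: {"record": dict, "prev": hex, "hash": hex}

    @staticmethod
    def _digest(prev_hash, record):
        canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = self._digest(prev, record)
        self.entries.append({"record": record, "prev": prev, "hash": h})
        return h

    def verify(self):
        """Return the index of the first inconsistent entry, or -1 if intact.

        An edited record changes its digest; a deleted or reordered entry
        breaks the prev-hash link of the entry that follows it.
        """
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or self._digest(prev, e["record"]) != e["hash"]:
                return i
            prev = e["hash"]
        return -1


def build_store(lines):
    """Normalize each line and chain the parseable ones; count the rest as dropped."""
    store = TamperEvidentLog()
    dropped = 0
    for line in lines:
        rec = normalize(line)
        if rec is None:
            dropped += 1
            continue
        store.append(rec)
    return store, dropped


def demo():
    """Build the chain, then edit an earlier record and show verification fails."""
    store, dropped = build_store(SAMPLE_LINES)
    before = store.verify()
    store.entries[0]["record"]["message"] = "session opened for user root"
    return before, store.verify(), dropped


if __name__ == "__main__":
    print(demo())
```

The chain head (the last hash) is only useful as evidence if it is anchored somewhere the logging host cannot rewrite: forwarded to the SIEM with each batch, or periodically signed and stored off-host. Without that anchor, whoever can edit the file can also recompute the chain, which is why the notes list tamper-evident storage alongside centralized transport rather than instead of it.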