For those who are developing applications that are under PCI scope, where the guidance suggests that you should store your application logs on another tier, remoting to a syslog server elsewhere feels like a best practice.
The question becomes, what should the PatternLayout look like that best enables folks to review their logs at least daily?