For those who are developing applications that are under PCI scope, where the guidance suggests that you should store your application logs on another tier, remoting to a syslog server elsewhere feels like a best practice.
The question becomes, what should the PatternLayout look like that best enables folks to review their logs at least daily?
Depends on how they want to do their log reviews.
I would suggest a slightly different twist. Flatten the log events to an XML format (e.g. the log4j XMLLayout) and save the resulting XML-fragments.
This can then later be post processed easily, for instance by Log Parser
http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx