Using logs for forensics after a data breach

08.11.2010

Again, there are pros and cons for each of these methods:

Local storage:

* No need for the logs to be transported, but it introduces operational complexity: rights and permissions on the directories holding the logs have to be managed correctly on every host.

* Window of opportunity for the bad guys to manipulate the logs once a system has been hacked: logs kept on the compromised host cannot necessarily be trusted.

* Operational complexity when doing forensics, because the investigator is obliged to scour system after system, each holding its own local logs.
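One mitigation for the second point, as an added example that is not part of the original post: a local log can at least be made tamper-evident by chaining records with an HMAC under a key that evolves after every write (the writer keeps only the current key and discards the old one, the classic forward-secure logging idea). An intruder who takes over the host afterwards gets only the current key and can neither rewrite nor delete earlier records without the verifier, which holds the initial key off-host, noticing. The key, the record format and the sample log lines below are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample events, standing in for lines of a local application log.
SAMPLE_EVENTS = [
    "sshd: Accepted publickey for admin from 10.0.0.5",
    "sudo: admin : COMMAND=/bin/bash",
    "sshd: Accepted password for root from 198.51.100.7",
    "useradd: new user: name=backup2",
]

# Assumption: this initial key is generated once and shared only with the
# off-host verifier; the logging host never keeps it after the first write.
INITIAL_KEY = b"demo-initial-key-held-off-host"


def _next_key(key: bytes) -> bytes:
    """Derive the key for the next record; the caller forgets the old one."""
    return hashlib.sha256(b"log-key-evolve" + key).digest()


def _payload(seq: int, msg: str, prev_hex: str) -> bytes:
    """Canonical bytes that the HMAC covers (sequence number, message, previous tag)."""
    return json.dumps({"seq": seq, "msg": msg, "prev": prev_hex}, sort_keys=True).encode()


class ForwardSecureLog:
    """Hash-chained, HMAC-tagged log whose key evolves after every record."""

    def __init__(self, initial_key: bytes):
        self._key = initial_key
        self._prev_tag = b"\x00" * 32      # chain anchor for the first record
        self.records = []                  # what would be appended to the local file

    def append(self, message: str) -> dict:
        seq = len(self.records)
        prev_hex = self._prev_tag.hex()
        tag = hmac.new(self._key, _payload(seq, message, prev_hex), hashlib.sha256).digest()
        record = {"seq": seq, "msg": message, "prev": prev_hex, "tag": tag.hex()}
        self.records.append(record)
        self._prev_tag = tag
        self._key = _next_key(self._key)   # forward security: old key is gone
        return record


def verify_log(initial_key: bytes, records: list) -> tuple:
    """Re-derive the key chain from the initial key and check every record.

    Returns (ok, first_bad_seq); first_bad_seq is -1 when the chain is intact.
    """
    key = initial_key
    prev_tag = b"\x00" * 32
    for expected_seq, rec in enumerate(records):
        tag = hmac.new(key, _payload(rec["seq"], rec["msg"], rec["prev"]), hashlib.sha256).digest()
        if (rec["seq"] != expected_seq
                or bytes.fromhex(rec["prev"]) != prev_tag
                or not hmac.compare_digest(bytes.fromhex(rec["tag"]), tag)):
            return False, expected_seq
        prev_tag = tag
        key = _next_key(key)
    return True, -1


def demo() -> dict:
    """Write the sample log, then try the manipulations an intruder would attempt."""
    log = ForwardSecureLog(INITIAL_KEY)
    for event in SAMPLE_EVENTS:
        log.append(event)
    results = {"intact": verify_log(INITIAL_KEY, log.records)}

    # 1. Rewrite the record of the attacker's own root login.
    edited = [dict(r) for r in log.records]
    edited[2]["msg"] = "sshd: Failed password for root from 198.51.100.7"
    results["edited"] = verify_log(INITIAL_KEY, edited)

    # 2. Delete that record and renumber the rest to hide the gap.
    deleted = [dict(r) for r in log.records]
    del deleted[2]
    for i, r in enumerate(deleted):
        r["seq"] = i
    results["removed"] = verify_log(INITIAL_KEY, deleted)

    # 3. Truncate the tail: the chain alone cannot detect this.
    results["truncated"] = verify_log(INITIAL_KEY, log.records[:-1])
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>9}: {outcome}")
```

Editing or deleting an earlier record breaks the chain at that record, and the intruder cannot repair it because the key that signed it no longer exists on the host. The scheme does not detect truncation of the most recent records, so the verifier still needs to learn the latest tag or record count from somewhere other than the compromised host (a periodic export, or the remote copy the post goes on to discuss); in other words it makes local logs tamper-evident, not a substitute for getting them off the box.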