Using logs for forensics after a data breach

08.11.2010

The middle ground, and probably the easiest way to get up and running, is to send logs over the syslog protocol to a remote server. Sending them to a dedicated log management solution is better still: it ensures all your logs are centralized, which makes it much easier to get value out of them. Whichever you pick, the point for forensics is that a copy of every log line leaves the host as soon as it is written, so an attacker who later gains control of that machine cannot quietly rewrite or delete its history.
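To make the syslog route concrete, here is an added example (written for this page, not code from the original article or from any particular syslog implementation) that builds and parses RFC 5424 messages in Python and shows what a collector should record on receipt. The hostnames, the 198.51.100.7 address and the sshd message are constructed sample data; `send_udp`, `archive_record`, `sample_line` and the facility/severity tables are this example's own names, not a library API.

```python
"""Minimal RFC 5424 syslog sender/parser. Added example for this page, not the
article's code. Structured data handling is deliberately limited to '-' or
SD-ELEMENTs that contain no escaped ']' characters."""
import re
import socket
from datetime import datetime, timezone

# RFC 5424 facility and severity codes (only the common facilities are listed)
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "authpriv": 10, "local0": 16, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
              "notice": 5, "info": 6, "debug": 7}

# Constructed sample data used by sample_line() below
SAMPLE_TS = datetime(2010, 11, 8, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_MSG = "Accepted publickey for alice from 198.51.100.7 port 51522"


def pri(facility: int, severity: int) -> int:
    """PRI is facility * 8 + severity; both ranges are fixed by the RFC."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def format_rfc5424(facility: int, severity: int, hostname: str, app_name: str,
                   msg: str, ts: datetime = None, procid: str = "-",
                   msgid: str = "-", structured_data: str = "-") -> str:
    """Build one line: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG."""
    ts = (ts or datetime.now(timezone.utc)).astimezone(timezone.utc)
    timestamp = ts.strftime("%Y-%m-%dT%H:%M:%SZ")
    header = f"<{pri(facility, severity)}>1 {timestamp} {hostname} {app_name} {procid} {msgid}"
    return f"{header} {structured_data} {msg}"


_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)


def parse_rfc5424(line: str) -> dict:
    """Parse an RFC 5424 line and recover facility/severity from the PRI field."""
    m = _RFC5424.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 message: {line!r}")
    p = int(m["pri"])
    if p > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range")
    return {
        "facility": p // 8, "severity": p % 8, "timestamp": m["ts"],
        "hostname": m["host"], "app_name": m["app"], "procid": m["procid"],
        "msgid": m["msgid"], "structured_data": m["sd"], "msg": m["msg"] or "",
    }


def archive_record(raw_line: str, received_at: datetime, source_ip: str) -> str:
    """Collector-side wrapping: keep the raw line untouched and prepend the
    collector's own receipt time and the peer address. Everything inside the
    message (timestamp, hostname, text) is under the sender's control, and a
    compromised sender can lie about all of it; the collector's view cannot
    be altered from the host."""
    stamp = received_at.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{stamp} {source_ip} {raw_line}"


def send_udp(line: str, host: str = "127.0.0.1", port: int = 514) -> int:
    """Ship a line over plain UDP syslog. Fire-and-forget: no delivery guarantee,
    no integrity, no sender authentication. Acceptable as a first step; move to
    TLS (RFC 5425) or at least TCP with local queuing before relying on it as evidence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(line.encode("utf-8"), (host, port))


def sample_line() -> str:
    """The constructed sshd event as an RFC 5424 line (facility auth, severity info)."""
    return format_rfc5424(FACILITIES["auth"], SEVERITIES["info"], "web01", "sshd",
                          SAMPLE_MSG, ts=SAMPLE_TS, procid="1234")


if __name__ == "__main__":
    line = sample_line()
    print(line)
    print(parse_rfc5424(line))
    print(archive_record(line, datetime.now(timezone.utc), "10.0.0.5"))
    # send_udp(line)  # uncomment with a collector listening on UDP/514
```

The `archive_record` step is the one that matters for a breach investigation: the collector appends its own receipt time and the source address in front of the untouched line, so even if the attacker forged the timestamp or hostname inside the message, the ordering and origin seen by the collector survive. Plain UDP is shown because it is what "easiest to get running" usually means; it gives you off-host copies but no proof that they are complete or unmodified in transit.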

Another decision point is how long to retain the logs. This needs careful consideration, since you may be subject to legal requirements or industry-specific rules that dictate both minimum and maximum retention.

For example, PCI DSS (requirement 10.7) asks you to retain audit trail history for in-scope systems for at least one year, with a minimum of three months immediately available for analysis. Conversely, country-specific privacy rules may require you to delete logs after a certain period of time.

The typical tradeoffs: