This question relates to way more that can be covered in a single answer in a Q&A forum. There are people working exclusively with things like this in PCI projects - a good knowledge of the different sections of the PCI DSS is as I see it more or less required to be able to answer these questions in your specific situation, because the requirements will vary depending on where your cardholder data is stored and how you're handling it. My recommendation would be to bring in someone who knows log management and how it relates to PCI DSS, and have them assess your situation. ... View more