At the DoD Cybercrime Conference 2007 in St. Louis, Missouri, Anton Chuvakin gave a talk about the "Five Mistakes of Security Log Analysis". Anton talks about the operational security challenges that organizations face while deploying log and alert collection and analysis infrastructure. You can find his simple presentation here.
You can also refer to his previous article for Computerworld. I think this article is useful for us. Chuvakin highlights the top five most common mistakes organizations make in this process:
1: Not looking at the logs
2: Storing logs for too short a time
3: Not normalizing logs
4: Failing to prioritize log records
5: Looking for only the bad stuff
P/S: I think NSM is one of the solutions for these five mistakes, to reduce problems for my IDS that I'm still using... hehehe...