Open Source SIEM

I’ve continued working with the Security Onion distribution and have just tripped over another open source Security Information & Event Management (SIEM) product: OSSIM. It can draw information from network equipment (firewalls, routers, and switches), Linux hosts, Unix hosts, and Windows hosts using a variety of collection methods. It retains this data locally in a SQL database for about 45 days, which provides some forensic capability for a small environment.
