You can monitor a set of maildirs which receive email messages containing log files for the services as listed in address.cf by doing something like:
$ lr_run lr_spoold
This enables you to configure one host as a reporting host (or "online responder"), while other machines send their log files to it by email for processing. (If remote syslogging is used, a cron-driven setup is sufficient.)
A publicly available online responder is running at log@<servicename>.logreport.org; see http://logreport.org/lire/or/ for more information.