Centralized login server should be run on the separate infrastructure server. You could possibly run few of those Monitoring, Metric-monitoring, syslogs in a separate jail instances on the same FreeBSD machine. One could write a book about centralized logs and in particularly analyzing centralized logs (such books have been written). FreeNAS 9.3 uses syslog-ng (ng stands for "next generation") since FreeBSD stack syslog. Syslog-ng is really a good product both client and the server side. I forgot what latest pfSense is using. I hope it is not FreeBSD built in syslog as it really lacks the features (potential developers should get the clue from what OpenBSD guys have done with syslog TCP+TLS and many other nice things). Anyhow I run syslog-ng.
You have to install something on the top of syslog-ng to search, analyze, and visualize log data.
Personally in my small lab I use combination of regular expressions and sed/awk. However
two major players in the enterprise open source arena are EFK (Elasticsearch Fluentd Kibana) and ELK (Elastricsearch Logstash Kibana). The have slight preference for ELK.
IIRC you can purchase preconfigured ELK appliance (just like pfSense and FreeNAS). If you want free I would suggest looking at TurnKey Linux appliance. Unfortunately I would guess that TurnKey uses Linux specific rsyslog under the hood. I have very low opinion about rsyslog in particular its behavior on non-Linux systems.
Long story short your probably also need a full time syslog engineer to help you with this.
Yes, I got the idea
In my case, I have a pfSense running squid. I remotely sent the logs into another pfsense.
Because I have these information in the log file, Lightsquid doesn't want to read logs anymore: Feb 9 15:39:39 router (squid-1):