Logs serve a purpose, but cannot be relied upon for real-time alerting. By the time your logs show you the most critical problems, it will be too late. Some of the things you could be missing are:
"Stealthbits addresses a challenge with native log data that I’ve struggled with for 8 years. Stealthbits does the analytical work for me, specifically detecting modern attack vectors like horizontal account movement, the kind of technique that enables attackers to acquire privileged credentials and do the most damage."