cahunt

In my organization, we have an enterprise-class monitoring system that monitors all IT devices, servers, routers, switches, firewalls, VPNs, room temperature, etc. For networking and security devices, we send syslogs to a centralized syslog server, which then feeds the SIEM. We also have other sources that send to the SIEM. People who make SIEMs know how to make their living by charging per incoming source. We save our organization's money by collecting sources in a couple of places and then feeding the SIEM.
The majority of the networking and security devices send SNMP traps to the enterprise monitoring system so that we can be alerted about device health. We also utilize NetFlow to give us performance measurements and security analysis.