As it stands you have to tick all the logs and in the config file all logs are implicitly listed.
This means
- if a new log is added it isn't picked up
- you can't transfer a config file to another server easily as it may have differing logs
If the config could just say ALL LOGS and that would work around the above it would be really useful and make mass deployment a lot easier. This is a feature my company would use immediately as we readily have to store all events as part of our protective monitoring requirements.