I am going through this process as well.  I am leaning towards Loglogic right now and have Cisco's MARS in my sights too.  The salesperson I am dealing with @ Loglogic has been painful to deal with.

What have you looked at so far?

I use Cisco MARS at work, even have a few books on it at home, but have found the the web interface and the over all control of it kludgy. It was in place before I started, and it became mine shortly there after. It's better than nothing, but sometimes I wish it could do more. (or I knew how to make it sing and dance the way I want).

I have used a few SIM tools and it really comes down to what vendors/devices the SIEM supports, whether or not you like the interface, what size your company is, and how much work you are willing to do to build rules.

For small to midsize companies take a hard look at TriGeo and Hightower (acquired by NetForensics). For large companies there are several good options, such as Loglogic, Novell Sentinel, RSA, etc.

I agree with the statements made so far on Cisco MARS also. I personally would not bother with MARS unless you are a Cisco only shop. There is some third party support, but it is not significant and is also not updated very often.

Has anyone had any experience with RSA's enVision solution?  I see that it is in the upper-right quadrant as well with Gartner, but would like some opinions.