This is probably not the best or cheapest solution for this, but I send the WW access.log via syslog to our QRadar SIEM. I'm still not able to solve all our issues with these logs. I think we might need to turn on some additional logging. You could even just have WW send syslog to a syslog server.
