3 separate realms.
Policy to define what's allowed (you haz a policy, whether it is written down or even thought about).
Enforcement of that policy. FW, IPS, application fw. The higher in the stack the fw goes, the closer it should be in the net topology to the target it defends.
Audit the enforcement of that policy. IDS, stats, flow.
And rather than tie everything together, how about focusing on the 3-4 sources that really kick ass? FW logs are not useful. Focus on what your targets are doing, not what the millions of bots are prevented from doing.
http://taosecurity.blogspot.com/ is your source for clear thinking on this subject.
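The policy / enforcement / audit split described above, as an added example that is not part of the original post: an audit pass over flow records that skips what the firewall denied and reports only traffic involving the defended hosts that was passed but is not covered by policy. The addresses, policy rules, record layout and function names are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport action")  # action = what enforcement did
Rule = namedtuple("Rule", "src dst proto dport")

# Realm 1, policy: what the defended hosts may do or receive (constructed values).
TARGETS = ipaddress.ip_network("10.0.0.0/24")
POLICY = [
    Rule("0.0.0.0/0", "10.0.0.10/32", "tcp", 443),      # anyone -> web server
    Rule("10.0.0.10/32", "10.0.0.20/32", "tcp", 5432),  # web server -> database
    Rule("10.0.0.0/24", "10.0.0.53/32", "udp", 53),     # targets -> resolver
]

def permitted(flow, policy=POLICY):
    """True if the flow matches at least one policy rule."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    return any(
        src in ipaddress.ip_network(r.src) and dst in ipaddress.ip_network(r.dst)
        and flow.proto == r.proto and flow.dport == r.dport
        for r in policy
    )

def audit(flows):
    """Realm 3, audit: find traffic that enforcement passed but policy does not allow."""
    violations, ignored_denies = [], 0
    for f in flows:
        if f.action == "deny":
            ignored_denies += 1  # blocked noise: enforcement worked, nothing to chase
            continue
        on_target = any(ipaddress.ip_address(a) in TARGETS for a in (f.src, f.dst))
        if on_target and not permitted(f):
            violations.append(f)  # enforcement gap or a target misbehaving
    return violations, ignored_denies

# Realm 2, enforcement: constructed flow records carrying the device's verdict.
FLOWS = [
    Flow("203.0.113.5", "10.0.0.10", "tcp", 22, "deny"),
    Flow("198.51.100.7", "10.0.0.10", "tcp", 3389, "deny"),
    Flow("203.0.113.9", "10.0.0.10", "tcp", 443, "allow"),
    Flow("10.0.0.10", "10.0.0.20", "tcp", 5432, "allow"),
    Flow("10.0.0.10", "10.0.0.53", "udp", 53, "allow"),
    Flow("10.0.0.20", "192.0.2.44", "tcp", 443, "allow"),  # database calling out
    Flow("10.0.0.10", "10.0.0.20", "tcp", 22, "allow"),    # web server SSH to database
]

if __name__ == "__main__":
    found, skipped = audit(FLOWS)
    print(f"{skipped} denied flows ignored, {len(found)} policy violations")
    for f in found:
        print(f"  {f.src} -> {f.dst} {f.proto}/{f.dport}")
```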