We have quite a few tomcat servers I usually admin. What we do is use log4j to actually log all webapp logging to a central log server. What I'm most interested in (from a sysadmin point of view) is to have a look at the logging the container produces itself (in this case tomcats).
So, in order to have look at a few tomcats at a time when things go awry (usually when they are misbehaving) I use a combination of ssh and multitail
, which works pretty well under unix. The idea being that you ssh into each box simultaneously and tail the catalina.out file. Multitail has syntax coloring support included and is flexible enough to let you add your own coloring by using regular expressions. When I have to investigate something that happened a few hours ago, I always have to look at the catalina logs themselves, obviously raw.
As per the alarms what I use is a python script that I run in the background, integrated with the startup/shutdown scripts for each tomcat. It basically tails the catalina.out file looking for stuff I find interesting and generating an alert (sms, email, etc) depending on the severity of the issue. I know it might not be the best solution around but it works for me pretty well (and the script is actually not complicated and can be written in your language of choice).
I know this might not be what you are looking for but this is my approach and I'm happy with it by keeping it under the KISS principle. I hope it helps.