
Rsyslog is way beyond Windows Event Logger. Audit trails should still work but I don't know if your GPO maps to server configuration automatically. It's easy to test, though. If you want to get started with Samba quickly, you can use Zentyal.


I didn't mean to say that the Windows Event Log is better than syslog or Rsyslog, but it has a particular structure that is really dissimilar, as well as access patterns (WMI, WinRM) that lack an analog.


That's MSFT and their NIH syndrome for you. Fortunately, there are several projects which allow you to map Event Log to syslog such as the aptly named "Eventlog To Syslog" ( http://code.google.com/p/eventlog-to-syslog/ ). This allows you to replace WMI with actual SQL (as Event Log can't use an SQL backend itself), and leverage all of the functionality of an RDBMS.


Similarly, my employer offers a product[1], which I have worked on, that can subscribe to Event Logs, syslog, ZMQ, etc., and do whatever you like with them. The inspiration to write this was the near-impossibility of getting the interesting, mostly AD-related stuff before all the super-chatty, useless crap pushes it out of the circular logs.

[1] http://zetetic.net/software-combine-index


Imagine the revenue if you were actually selling it on that website.



