PCI/DSS has a requirement indicating that an application's log should be reviewed AT LEAST daily for security events. Most network/infrastructure professionals can review network device logs but won't be familiar with actual applications. The same can be said for most security professionals.
So, are developers really stepping up to this requirement? If you had to write a job description for a developer whose sole job was to review logs, what would it contain?
Security/severe events should probably be logged separately so that they are noticed quicker. Possibly send them with email or use some other technique so that the appropriate people are automatically notified. No one should have to review application logs to look for security events. As a developer I periodically review production errors. I am working to get support to have access to the errors and I will teach them how to interpret the most common errors but I will still handle the less common errors. Also when I review the prod errors I evaluate the messages of the most common errors to improve them.
So I think development should periodically review prod errors, make sure that important (i.e. security) logs are automatically sent to the appropriate people, and transmission handling of the most common errors to other groups (support infrastructure, security, etc). If someone's sole responsibility was to review logs I wouldn't call them a developer.