Since I had “Windows vs. Linux” on the brain (as opposed to “Windows and Linux”, which happens now and then as well), I was thinking back to a recent meeting I had for the Baton Rouge Information Systems Security Association, which is part of the national ISSA. We were discussing upcoming topics, and one item that came up was log management.
Things that we all agreed needed to be discussed in a presentation were issues such as:
* How in the world do you view the logs from all of your servers?
* How do you filter out noise from important events?
* How do you store logs for future review, audits, and regulatory compliance?
The funny thing about that discussion is that the group that had the hardest time understanding possible solutions was the one that ran Windows.
Outside of enterprise settings, log management is just a completely under-served Windows market. Now, don’t get me wrong, there are plenty of log management solutions that work just great with Windows; some are open source, and some are commercial. But that’s not the point. The real issue is that even if Linux and UNIX sysadmins aren’t actively managing their logs, they at least understand that it is possible. But a lot of Windows sysadmins don’t even think about this problem, much less try to pursue a solution.
This reminds me of the Sapir-Whorf Hypothesis, which I learned about in an anthropology class at LSU a long, long time ago. Essentially, Sapir-Whorf says that the language you think in has a very big impact on how you think. A tad simplistic, but it makes sense to some extent.
It seems to me that an IT-ish Sapir-Whorf is also at play here. Your view of the world in IT, and of the problems and solutions available in that world, is in large part dictated by your platform of choice.
So, I just pointed out how this has limited Windows sysadmins to some extent. In what way has this limited non-Windows sysadmins? What about Linux sysadmins?