Log management - Windows vs. Linux

by Dustin Puryear

Since I had “Windows vs. Linux” on the brain (as opposed to “Windows and Linux”, which happens now and then as well), I was thinking back to a recent meeting I had for the Baton Rouge Information Systems Security Association, which is part of the national ISSA. We were discussing upcoming topics, and one item that came up was log management.

Things that we all agreed needed to be discussed in a presentation were issues such as:

* How in the world do you view the logs from all of your servers?
* How do you filter out noise from important events?
* How do you store logs for future review, audits, and regulatory compliance?

The funny thing about that discussion is that the group that had the hardest time understanding the possible solutions was the one running Windows.

Outside of enterprise settings, log management is just a completely under-served Windows market. Now, don’t get me wrong, there are plenty of log management solutions that work just great with Windows; some are open source, and some are commercial. But that’s not the point. The real issue is that even if Linux and UNIX sysadmins aren’t actively managing their logs, they at least understand that it is possible. But a lot of Windows sysadmins don’t even think about this problem, much less try to pursue a solution.

This reminds me of the Sapir-Whorf Hypothesis, which I learned in an anthropology class at LSU a long, long time ago. Essentially, Sapir-Whorf says that the language you think in has a very big impact on how you think. A tad simplistic, but it makes sense to some extent.

It seems to me that an IT-ish Sapir-Whorf is also at play here. Your view of the world in IT, and the problems and solutions available in that world, is in large part dictated by your platform of choice.

Obvious? Perhaps.

So, I just pointed out how this has limited Windows sysadmins to some extent. In what way has this limited non-Windows sysadmins? What about Linux sysadmins?


Seth Dickerson
2008-03-12 08:27:22
The way we think about an OS has a huge impact on how we interact with it and this is one example. Another way to look at this is in the area of automation. Most Linux admins, by nature, create scripts to automate routine tasks (log file management, etc.) because they think in text and all text is parseable. Many Windows admins don't see it that way - and therefore write few scripts - because they are used to thinking in forms and that doesn't translate as well into something easy to break down. This is not an OS argument per se, but an interface argument (primarily text-driven vs. primarily form-driven).