Friday, August 24, 2007

Size Does Matter :-)

A long time ago, I made a promise to myself not to use this blog to attack competitors (in a broader sense of the word - companies related to log management). And, in general, our marketing folks told me that boosting "others'" web rankings is not a good idea :-)

However, there are always exceptions :-) In this case, I am making an exception because I need to take apart something profoundly stupid. And because it is kinda fun :-)

So, the seemingly smart folks at Dorian said: "It seems that upper management loves to approach enterprise log management as a quest for the one holy grail product that can manage logs from hundreds of different devices and operating systems, in addition to folding the laundry and making coffee. This approach to procuring log management technology is fatally flawed from the outset." [A.C. - their emphasis]

and then even

"The thousands of log generating devices and operating systems in today's marketplace truly and completely prevents any vendor from being a polymath at all of them."

Well, after I stopped laughing at the naivete of the above, I realized that I have never seen a company call itself incompetent with such elegance :-) Have these people heard about taxonomies, normalization, common schemas, cross-device correlation? Or even full-text indexing? You know, the simple stuff :-) How deep under the bush does one have to crawl to miss all that?

So, it is not some "evil" "upper management" doing it, it is just common sense talking :-) Indeed, one of the main benefits of log management is in being able to analyze all logs, from all places, all the time (not "some logs, from some platforms, sometimes" :-)). And analyzing all logs does NOT mean that your solution will be super-complex and cost a million bucks! Yes, sometimes you have to fall back to using a domain-specific log analysis tool, but only if your task is esoteric enough (example: analyzing web logs for specific purchasing behavior) or if you have a small and specific task at hand (example: need to review logs on my desktop). In most other cases, you'd want to cover as much as possible with one tool.

So, to conclude, device-specific log management is so deeply idiotic, I don't want to spend a single second more on that. Stop!

Dr Anton Chuvakin