... I really should not. But - darn it! - how can I miss a potential blog fight related to log management?
So, it seems like Raffy baited some poor folks from Prism with his post on "IT search" (what an abomination of a term!). But, seriously, "IT search" is a marketing term (nothing wrong with that, BTW!), so it will mean whatever the folks who coined feel at any given moment. I really hate it when folks try to argue objectively with a clear fluke.
I think this debate is mostly about two approaches to logs: collect and parse some logs (typical SIEM approach) vs collect and index all logs (like, ahem, "IT search").
You can see where this one is going, right? :-)
Yes, Virginia! You do need to do BOTH - and you know who does both? LogLogic!
Dr Anton Chuvakin
