So, what sparked this was a post by my esteemed colleague about platforms. No, not the platform shoes :-) Application platforms. In his post, Mr Baum climbs onto a platform :-) and proclaims that "the thoughtfulness by which we’re going about this [i.e. trying to become a platform] will yield much more than a bunch of hype." Despite that highly appropriate reference to "hype" :-), it is interesting that he chooses to point at such well-known application platforms as Facebook, Ning or Salesforce.com, but ignores an example much closer to home, in the domain of log management: the LogLogic log management platform. To be honest, I am happy to welcome him to the platform club, where LogLogic has resided since 12/2006. A platform is indeed the right way to go about log management, since the utility of logs is so broad: from mundane server troubleshooting to forensics to attesting to compliance mandates (and everything in between and around!)
To add more substance to this, let's review some of the key requirements for a log management platform:
- Overall platform requirements (good intro here): having an access API is central to this.
- Data access: in the case of a log management platform, the API should let users receive their log data in either raw or processed (i.e. "parsed" or tokenized) form.
- API for control: log analysis is not just searching, but also includes alerts and other things that sometimes need to be tuned. The API should allow that.
- Also, the platform should enable a broad, non-siloed approach to log management (silos are evil!) and thus allow any type of analysis and data access: not a security-specific, not a troubleshooting-specific, but a broad, cross-domain approach, suitable for many types of users, from a system admin to a CIO.
Finally, you know what? "Developer-centric ethos" sucks - I would much prefer a "user-centric ethos," since ultimately a platform is not built for people to play with it (like his? :-)), but for the end-users to do something useful with it and to solve problems that they have ... Development based on the platform is indeed critical - but not as critical as solving a problem at hand!