I am regularly confronted by Windows NT users who are overwhelmed by
how much information you can collect and process using the Windows NT Event
Viewer. It is so nice, they maintain, that occurrences (events) are sorted by
and applications. They go on about how much you can
filter the entries and search for specific values.
The problem is, that's where it stops. With the exception of a few
security-related events, what you are able to log (or not log) is not configurable under
Windows NT. You get whatever Microsoft has decided is necessary. No more and
no less. You can filter what is displayed, but there is little you can do to
restrict what is logged.
With Linux the situation is completely different. Not only can you tell the
system what it should log, but also exactly where it should log it. On the
other hand, Windows NT always logs specific events to a specific file. In
addition, Windows NT differentiates between only three different types of
logs. This means you may need to wade through
hundreds if not thousands of entries looking for the right one. With Linux, not
only can you say what is logged and what is not, you can also specifically define
where to log any given type of message, including sending all (or whatever part
you define) to another machine, and even go so far as to execute commands based
on the messages being logged.
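
The routing described above, as an added example that is not part of the original text: a simplified model of how a syslog daemon decides where each message goes. It assumes the classic syslog.conf selector syntax (facility.priority, meaning "this priority or higher"), which the page does not name; the rules, host name and paths are constructed.

```python
# Added example: simplified model of classic syslog.conf selector matching.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed rules (selector, then action). "@host" forwards to another
# machine; "|/path" writes to a named pipe that a program can read and act on.
RULES = """
authpriv.*                      /var/log/secure
mail.info;mail.!err             /var/log/maillog
*.info;authpriv.none;mail.none  /var/log/messages
*.err                           @loghost.example.com
kern.=crit                      |/var/run/alert.fifo
"""

def _match_one(selector, facility, priority):
    """True = accept, False = reject, None = selector leaves the verdict unchanged."""
    facs, _, prio = selector.partition(".")
    if facs != "*" and facility not in facs.split(","):
        return None
    if prio == "none":                      # explicitly exclude this facility
        return False
    negate = prio.startswith("!")
    prio = prio.lstrip("!")
    exact = prio.startswith("=")            # "=" matches that one priority only
    prio = prio.lstrip("=")
    if prio == "*":
        hit = True
    else:
        level, want = PRIORITIES.index(priority), PRIORITIES.index(prio)
        hit = level == want if exact else level >= want
    if negate:
        return False if hit else None
    return True if hit else None

def route(facility, priority, rules=RULES):
    """Return every action (file, remote host, pipe) the message is sent to."""
    actions = []
    for line in rules.strip().splitlines():
        selectors, action = line.split(None, 1)
        accepted = False
        for sel in selectors.split(";"):    # later selectors refine earlier ones
            verdict = _match_one(sel, facility, priority)
            if verdict is not None:
                accepted = verdict
        if accepted:
            actions.append(action.strip())
    return actions
```

A single message can match several rules, so a critical kernel message here lands in the local file, on the remote log host and in the pipe at once.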