Centralized logging and audit of Windows-based servers and network devices.
The job on which I am currently working involves designing an architecture for a centralized logging and auditing system for heterogeneous environments. Now that the global functional architecture is nearing completion, I am listing product criteria and working toward a short list of vendors and products that we will consider. On the list are GFI's EventManager, Cisco's Mars appliance and possibly NetIQ's Security Manager.
All three products are basically capable of doing the same thing: they can collect log data from several sources (Event Logs, Syslog, SNMP traps, flat file) and understand a lot of the data provided via those mechanisms.
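What "collecting from several sources" comes down to in practice is normalizing each source into one schema before correlation. The following is an added illustration, not code from any of the products named above: it maps a constructed BSD syslog line and a constructed Windows Event Log record (as a dict; field names and the level-to-severity map are assumptions) onto a common record and orders them by time.

```python
import re
from datetime import datetime

# Constructed sample records, one per collection mechanism named in the post.
SYSLOG_LINE = ("<34>Oct 11 22:14:15 fw01 sshd[1234]: "
               "Failed password for root from 10.0.0.5 port 2211 ssh2")
EVENTLOG_RECORD = {"TimeCreated": "2008-10-11T22:14:16", "Computer": "DC01",
                   "Channel": "Security", "EventID": 4625, "Level": 0,
                   "Message": "An account failed to log on."}

# RFC 3164 BSD syslog: <PRI>TIMESTAMP HOST TAG[PID]: MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Assumed Event Log level-to-severity map; adjust to the schema of the real source.
EVENTLOG_LEVEL = {1: "crit", 2: "err", 3: "warning", 4: "info", 0: "info"}

def normalize_syslog(line, year=2008):
    """Map one BSD syslog line onto the common schema; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # facility 0-23 and severity 0-7 only
        return None
    # BSD syslog carries no year, so the collector has to supply one.
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"source": "syslog", "host": m.group("host"), "time": ts.isoformat(),
            "severity": SEVERITY[pri & 7], "facility": pri >> 3,
            "event": m.group("app"), "message": m.group("msg")}

def normalize_eventlog(rec):
    """Map one Windows Event Log record (as a dict) onto the same schema."""
    return {"source": "eventlog", "host": rec["Computer"], "time": rec["TimeCreated"],
            "severity": EVENTLOG_LEVEL.get(rec.get("Level", 4), "info"),
            "facility": rec["Channel"],
            "event": f"{rec['Channel']}/{rec['EventID']}", "message": rec["Message"]}

def collect(syslog_lines, eventlog_records):
    """Normalize everything, drop unparsable input, and order by timestamp."""
    out = [r for r in map(normalize_syslog, syslog_lines) if r]
    out += [normalize_eventlog(r) for r in eventlog_records]
    return sorted(out, key=lambda r: r["time"])

if __name__ == "__main__":
    for rec in collect([SYSLOG_LINE, "garbage line"], [EVENTLOG_RECORD]):
        print(rec["time"], rec["host"], rec["severity"], rec["event"], rec["message"])
```

Unparsable lines are dropped silently here; a production collector should count and retain them, since a gap in the audit trail is itself a finding.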
While I have been less than positive about Microsoft products, I am slowly revising my opinion. I still prefer Unix platforms for developers, but for office environments, Windows is really not as bad as I thought it was before.
I think there are two main reasons why I am honing my opinion:
1) I have never worked in a Windows-only environment.
2) I was never aware of products, such as MOM, SMS, etc.
I'll post a wrap-up of the functional design when it is ready and the company that I work for has given the green light.