I am regularly confronted by Windows NT users who are overwhelmed by how much information you can collect and process using the Windows NT Event Viewer. It is so nice, they maintain, that occurrences (events) are sorted by system, security and applications. They go on with how much you can filter the entries and search for specific values.
The problem is, that’s where it stops. With the exception of a few security
related events, what you are able to log (or not log) is not configurable under
Windows NT. You get whatever Microsoft has decided is necessary. No more and
no less. You can filter what is displayed, but there is little you can do to
restrict what is logged.
With Linux the situation is completely different. Not only can you tell the system what the system should log but exactly where it should log it. On the other hand, Windows NT always logs specific events to a specific file. In addition, Windows NT differentiates between only three different types of logs. This means you may need to wade through hundreds if not thousands of entries looking for the right one. Not only can you say what is logged and what not, you can specifically define where to log any given type of message, including sending all (or whatever part you define) to another machine, and even go so far as to execute commands based on the messages being logged.