Good to see links to the other solutions available. I would certainly agree that Zeus has more than other ADCs in terms of network-side scripting options.

I think "a lot less pain than iRules" really depends on your expertise and ability to grasp languages. Someone familiar with TCL or similar scripting languages will be more at ease with iRules than anything Zeus offers, while someone proficient with PHP or Java would certainly be far more comfortable with Zeus' solutions.

It's all a matter of perspective. Both are great options and I hardily encourage developers and architects alike to check out all the options and dive in.

"Monitoring" was not part of the equation and that's part of the problem. The implication in the cited article was that logs IN AND OF THEMSELVES result in better security. That's simply not true. Monitoring logs is better, but analysis and even reactive tools that make use of those logs is better. That improves security, but log files don't..

Absolutely agree that logs are an enabler of security. Either someone needs to look at them (analysis) or they need to be leveraged via third-party tools (if you're looking to do more real-time analysis or catch a breach in progress).

And very good point on the investigation aspect - I was thinking more external facing (breach) but there's also good for internal facing (infection/containment).

Yes, ma'am, we are on the same page. :)

You have a good point, although the log file is merely enabling better security, not the cause of it. ;-) Subtle difference that needs to be pointed out so people remember that simply turning on logging isn't - by itself - doing anything to improve security. You have to actually leverage the log file - either by reading it, as you point out, or using other tools to act on what's in the log file.