Operating system event logging

Centrally logging and analysing security-relevant events, including configuration changes, for operating systems can assist in monitoring the security posture of systems, detecting malicious behaviour and contributing to investigations following cyber security incidents.

Typical security-relevant events for operating systems that can be logged include:

• changes to security policies
• failed user logons and account lockouts
• failures, restarts and changes to important processes, services and scheduled tasks
• operating system and application usage, error messages and crashes
• security product-related events
• successful process creations and terminations
• successful user logons and logoffs
• system startups and shutdowns.