INFORMATION SECURITY PORTAL
AUDIT TRAIL (SECURITY LOGGING)
An audit trail (security logging) is needed when handling personal data or sensitive information, or when traceability is required. It also enables proactive monitoring, e.g. by feeding a SIEM solution with analytics capabilities.
The requirements on the audit trail depend on the requirements placed on your solution, e.g. if personal data is handled you need to comply with GDPR and be able to see who has done what with the personal data.
Below are some guidelines/standards regarding what to store in your audit trail, based on the data your solution handles.
The OWASP Logging Cheat Sheet is focused on providing developers with concentrated guidance on building application logging mechanisms, especially related to security logging.
Application logging should be consistent within the application, consistent across an organization's application portfolio and use industry standards where relevant, so the logged event data can be consumed, correlated, analyzed and managed by a wide variety of systems.
The OWASP Security Logging project provides developers and ops personnel with APIs for logging security-related events. The aim is to let developers use the same set of logging APIs they are already familiar with from over a decade of experience with Log4J and its successors, while also adding powerful security features.
NIST Special Publication 800-92, "Guide to Computer Security Log Management," establishes guidelines and recommendations for securing and managing sensitive log data.
PCI-DSS / PA-DSS logging and monitoring requirements.
“Logging mechanisms and the ability to track user activities are critical in preventing, detecting and minimizing the impact of a data compromise. The presence of logs in all environments allows thorough tracking, alerting and analysis when something does go wrong.”
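To make the "who has done what with the personal data" requirement above concrete, here is an added example (not code from this portal or from any of the referenced projects) that writes consistent, machine-readable audit records and answers that question for one data subject. The field names, the action and outcome vocabularies, and the sample events are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

ACTIONS = {"read", "create", "update", "delete", "export"}  # assumed action vocabulary
OUTCOMES = {"success", "denied", "error"}                   # assumed outcome vocabulary


def audit_event(actor, action, subject_id, fields, outcome, source, when=None):
    """Return one audit record as a single JSON line (who, what, whose data, when)."""
    if action not in ACTIONS or outcome not in OUTCOMES:
        raise ValueError("unknown action or outcome")
    when = when or datetime.now(timezone.utc)
    record = {
        "ts": when.astimezone(timezone.utc).isoformat(),  # always UTC for correlation
        "actor": actor,              # authenticated user or service identity
        "action": action,
        "subject_id": subject_id,    # internal ID of the data subject, not a name
        "fields": sorted(fields),    # names of the fields touched, never their values
        "outcome": outcome,
        "source": source,            # e.g. client IP or calling service
    }
    # json.dumps escapes CR/LF, so a value containing a newline stays on one line.
    return json.dumps(record, sort_keys=True)


def who_did_what(log_lines, subject_id):
    """Answer the audit question for one data subject: (ts, actor, action, outcome)."""
    hits = []
    for line in log_lines:
        rec = json.loads(line)
        if rec["subject_id"] == subject_id:
            hits.append((rec["ts"], rec["actor"], rec["action"], rec["outcome"]))
    return sorted(hits)


# Constructed sample events (all identities and addresses are made up).
def T(hour):
    return datetime(2024, 1, 15, hour, 0, tzinfo=timezone.utc)

SAMPLE_LOG = [
    audit_event("alice", "read", "cust-1001", ["email", "address"], "success", "10.0.0.5", T(9)),
    audit_event("bob", "export", "cust-1001", ["email"], "denied", "10.0.0.9", T(10)),
    audit_event("alice", "update", "cust-2002", ["phone"], "success", "10.0.0.5", T(11)),
    audit_event("eve\nforged line", "read", "cust-2002", ["phone"], "denied", "10.0.0.7", T(12)),
]

if __name__ == "__main__":
    for entry in who_did_what(SAMPLE_LOG, "cust-1001"):
        print(entry)
```

Denied attempts are recorded alongside successful ones, and only field names are logged, so the audit trail does not itself become a second copy of the personal data.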