Enabling security and auditing logs should be completed according to the specific operating system and computer manufacturer specifications and include
- establishing the number of security events to be recorded, including common types, such as
- any changes to user account and resource permissions
- any failed attempts for user logon
- any failed attempts for resource access
- any modification to the system files
- configuring auditing to customize the process
- recording selected types of events in the security log of the Web server.