The Risk
Without trustworthy logs you cannot tell whether an incident happened, what was touched, or who did it. Poor logging also creates risks of its own. Missing security events leave attacks invisible. Logs that record passwords or tokens become a treasure trove for attackers. Logs an intruder can edit let them erase the very evidence you need.
The danger is treating logs as an afterthought rather than as an evidence trail.
The Defense
- Log security relevant events such as authentication, authorization decisions, and changes to sensitive data, with who, what, and when.
- Never log secrets like passwords, tokens, or full card numbers; redact sensitive fields at the point of emission, not in a later scrubbing pass.
- Send logs to a separate append-only store so an attacker who compromises the host cannot rewrite or delete them.
- Include enough context to trace a request across services with a correlation id.
- Protect and retain logs per policy, and monitor them for anomalies.
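The bullets above are one procedure: build a structured event with who, what, when and a correlation id, redact secrets before the record is written, and append it to a store where edits are detectable. The following is an added example, not code from the original page; the field names, the sensitive-key list, the hash-chained in-memory store (a stand-in for a real remote append-only service) and the sample events are all constructed for illustration.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Keys whose values must never reach the log (assumed list; extend it for your application).
SENSITIVE_KEYS = {"password", "passwd", "secret", "token", "authorization", "card_number", "cvv"}
# Runs of 13-19 digits are treated as possible card numbers and masked down to the last four.
CARD_RE = re.compile(r"\b\d{9,15}(\d{4})\b")


def redact(value):
    """Recursively drop sensitive keys and mask card-like numbers inside free text."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return CARD_RE.sub(lambda m: "*" * (len(m.group(0)) - 4) + m.group(1), value)
    return value


def security_event(action, actor, target, outcome, correlation_id, details=None):
    """One structured record: who (actor), what (action, target, outcome), when (UTC),
    plus the correlation id that ties it to the same request in other services."""
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "event": action,
        "actor": actor,
        "target": target,
        "outcome": outcome,
        "correlation_id": correlation_id,
        "details": redact(details or {}),
    }


class HashChainedLog:
    """Tamper-evident append-only log, used here as a stand-in for a remote store.
    Each line embeds the SHA-256 of the previous line, so editing or deleting a record
    breaks the link from its successor. The head digest must be shipped off-host
    (or the store itself must be remote); a chain checked only on the host is no defense."""
    GENESIS = "0" * 64

    def __init__(self):
        self.lines = []

    @staticmethod
    def _digest(line):
        return hashlib.sha256(line.encode()).hexdigest()

    def append(self, event):
        prev = self._digest(self.lines[-1]) if self.lines else self.GENESIS
        line = json.dumps(dict(event, prev_hash=prev), sort_keys=True, separators=(",", ":"))
        self.lines.append(line)
        return line

    def head(self):
        """Digest of the newest record; keep a copy somewhere the host cannot write."""
        return self._digest(self.lines[-1]) if self.lines else self.GENESIS

    def verify(self, expected_head=None):
        """Return the index of the first record whose prev_hash does not match its
        predecessor, len(lines) if the chain is fine but the head differs from
        expected_head, or None if everything checks out."""
        prev = self.GENESIS
        for i, line in enumerate(self.lines):
            if json.loads(line).get("prev_hash") != prev:
                return i
            prev = self._digest(line)
        if expected_head is not None and prev != expected_head:
            return len(self.lines)
        return None


def demo():
    """Constructed events plus two edits an intruder on the host might make."""
    store = HashChainedLog()
    store.append(security_event("login", "alice", "/session", "failure", "req-7f3a",
                                {"password": "hunter2", "src_ip": "203.0.113.5"}))
    store.append(security_event("update", "alice", "/account/42", "success", "req-7f3a",
                                {"card_number": "4111111111111111",
                                 "note": "replaced card 4111111111111111"}))
    shipped_head = store.head()          # copied off-host right after the write
    intact = store.verify(shipped_head)  # None: nothing wrong yet

    # Edit 1: rewrite the newest record. The chain alone cannot see this (no successor);
    # only the off-host copy of the head can.
    store.lines[-1] = store.lines[-1].replace('"event":"update"', '"event":"read"')
    last_edit_chain_only = store.verify()
    last_edit_with_head = store.verify(shipped_head)

    # Edit 2: turn the failed login into a success. The next record's prev_hash exposes it.
    store.lines[0] = store.lines[0].replace('"outcome":"failure"', '"outcome":"success"')
    first_edit = store.verify()
    return intact, last_edit_chain_only, last_edit_with_head, first_edit


if __name__ == "__main__":
    print(demo())  # (None, None, 2, 1)
```

Two points the demo makes that the bullets only imply: redaction has to happen on the event before it is serialized, because a regex scrub over the finished line misses values that only look like secrets once you know the key name; and a hash chain on its own only protects records that already have a successor, so the head digest (or the whole stream) has to leave the host promptly for the "append only" property to mean anything against an attacker with root.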
Key idea
Record security events with enough context to investigate, redact secrets, and ship logs to a tamper resistant store so the trail survives the incident it records.