Audit log events

Following events can be logged as audit events:

• Authentication events (successful or failed login attempt)
• Authorization events (successful or failed attempt to access resources or data)
• System configuration modification
• Create, read, delete, or update resources or data
• Failure of session management
• Changes to user privileges
• Database access (success or failure)
• Network or application firewall, Intrusion Detection System (IDS), or Intrusion Prevention System (IPS) events
• Amount of system use
• System start, shutdown, or reboot events
• Application or system failure events

Following data must not be included in the audit logs:

• Sensitive information
• User credentials
• Passwords
• Bank account details
• Access token
• Authentication token
• File system path or information
• Database query or string
• Encryption or decryption keys