August 2018
Beginner
594 pages
22h 33m
English
Insufficient logging and monitoring is an important security risk because it can help enable many other types of vulnerabilities. To be successful, attackers need to go undetected for as long as possible. When logging and monitoring are insufficient, an attack can go unnoticed for a period of time.
A software system needs the ability to answer some fundamental who/what/when questions. Being able to associate user accounts with an event, reconstruct what happened before, during, and after an event, and know when different events occurred can all help you become aware of a security vulnerability.
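The who/what/when questions above can be checked directly against audit records. The following is an added example, not code from the book: it assumes a hypothetical one-JSON-object-per-line log with `ts`, `user`, `action` and `outcome` fields, flags records that cannot answer those questions, and reconstructs what one user did before, during, and after an event of interest.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit records (field names are assumptions, not from the book).
SAMPLE_LOG = """\
{"ts": "2018-08-01T10:00:05+00:00", "user": "alice", "action": "login", "outcome": "success"}
{"ts": "2018-08-01T10:02:10+00:00", "user": "bob", "action": "login", "outcome": "failure"}
{"ts": "2018-08-01T10:02:40+00:00", "user": "bob", "action": "login", "outcome": "success"}
{"ts": "2018-08-01T10:03:00+00:00", "action": "config_change", "outcome": "success"}
{"ts": "2018-08-01T10:04:15+00:00", "user": "bob", "action": "export_customers", "outcome": "success"}
{"ts": "2018-08-01T10:30:00+00:00", "user": "bob", "action": "logout", "outcome": "success"}
"""

REQUIRED = ("ts", "user", "action")  # when, who, what

def parse(log_text):
    """Return (events sorted by time, records that cannot answer who/what/when)."""
    events, incomplete = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            incomplete.append((n, ["unparseable"]))
            continue
        missing = [f for f in REQUIRED if not rec.get(f)]
        if missing:
            incomplete.append((n, missing))  # e.g. an event with no user attached
            continue
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events, incomplete

def timeline(events, user, action, window=timedelta(minutes=5)):
    """Events by `user` within `window` before and after their first `action` event."""
    pivot = next((e for e in events if e["user"] == user and e["action"] == action), None)
    if pivot is None:
        return []
    return [e for e in events if e["user"] == user and abs(e["ts"] - pivot["ts"]) <= window]

if __name__ == "__main__":
    events, incomplete = parse(SAMPLE_LOG)
    for e in timeline(events, "bob", "export_customers"):
        print(e["ts"].isoformat(), e["user"], e["action"], e["outcome"])
    for line_no, missing in incomplete:
        print(f"line {line_no}: missing {missing}")
```

The `config_change` record on line 4 of the sample is reported as incomplete because no user account can be associated with it.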
Centralized log management is crucial because log data must be easy to consume. ...