What is logging?

Logging is the recording of events such as sign-ins, errors, changes, security alerts, and system activity.

Simple example

Microsoft 365 records sign-ins and mailbox actions that can help investigate a suspicious login.

Why it matters

Good logs make incidents easier to investigate and help detect problems earlier.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

Logging should be understood in a business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Enable logging on important systems.
  • Keep logs for a useful retention period.
  • Protect logs from tampering.
  • Review high-risk events and alerts.
  • Know where key logs are stored.

Reactive steps

  • Preserve relevant logs quickly.
  • Export logs before they expire or rotate.
  • Use logs to build a timeline of events.
  • Look for related activity across systems.
  • Share logs securely with responders.
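
The reactive steps above, as an added example that is not part of the original page: it fingerprints two log exports before parsing them, converts their timestamps to UTC, merges them into one timeline, and pulls related activity by IP address. The records, field names, and function names are constructed for illustration and are not the schema of any particular product.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample exports (not real data). Field names are assumptions
# made for this example, not the schema of any particular product.
SIGNIN_EXPORT = """\
{"time": "2024-03-04T09:12:05+11:00", "user": "pat@example.com", "ip": "203.0.113.7", "result": "success"}
{"time": "2024-03-04T02:41:30+00:00", "user": "pat@example.com", "ip": "198.51.100.23", "result": "success"}
"""
MAILBOX_EXPORT = """\
{"time": "2024-03-04T02:44:10Z", "user": "pat@example.com", "ip": "198.51.100.23", "action": "inbox_rule_created"}
{"time": "2024-03-03T22:15:00Z", "user": "pat@example.com", "ip": "203.0.113.7", "action": "mail_read"}
"""

def fingerprint(raw: str) -> str:
    """SHA-256 of an export exactly as received; record it before any parsing."""
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def parse(raw: str, source: str) -> list:
    """Parse one JSON-lines export and normalise every timestamp to UTC."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # Systems log in different zones; compare only after converting to UTC.
        ts = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        events.append({
            "utc": ts.astimezone(timezone.utc), "source": source,
            "user": rec["user"], "ip": rec["ip"],
            "what": rec.get("action") or "sign-in " + rec["result"],
        })
    return events

def build_timeline(*event_lists) -> list:
    """Merge events from several systems into one list ordered by UTC time."""
    return sorted((e for lst in event_lists for e in lst), key=lambda e: e["utc"])

def related_by_ip(timeline: list, ip: str) -> list:
    """Activity from the same IP address across all merged sources."""
    return [e for e in timeline if e["ip"] == ip]

if __name__ == "__main__":
    for name, raw in (("signin", SIGNIN_EXPORT), ("mailbox", MAILBOX_EXPORT)):
        print(name, "sha256:", fingerprint(raw))
    timeline = build_timeline(parse(SIGNIN_EXPORT, "signin"),
                              parse(MAILBOX_EXPORT, "mailbox"))
    for e in timeline:
        print(e["utc"].isoformat(), e["source"], e["ip"], e["what"])
```

The first sign-in record looks like the latest event in its file but is the earliest once converted to UTC, which is why the timeline is sorted only after normalisation.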

Related terms

  • Security monitoring
  • Timeline analysis
  • Incident response