There is a minimum set of events that should be logged on UNIX-like operating systems. Treat it as a baseline: define requirements for your specific needs, then add to and modify the list to match them.
Log the following events on UNIX and UNIX-like operating systems, in addition to any global operating system requirements or global logging requirements.

| Category | Rationale |
| --- | --- |
| Escalation of privileges | Log who is using sudo to escalate privileges |
| Password changes | Log password changes |
| Kernel changes | Log kernel changes for potential security events |
| Permission Changes | Log file permission changes that may signify a breach |
| Connect Time Accounting | Log connection time events |
| Process Accounting | Log process related events |
| Error and Administrative Accounting | Log system errors and administrative events |
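
One way to check a rule set against the table's categories, added here as an example that is not part of the original page. It assumes Linux with auditd; the category-to-evidence mapping, the sample rules and the function names are illustrative assumptions, and "Error and Administrative Accounting" is left out because this sketch only inspects audit rules.

```python
import shlex

# Assumed mapping (not from the page): category -> audit evidence that covers it.
# "watch" = a -w path whose permission filter includes writes; "syscall" = -S name.
REQUIRED = {
    "Escalation of privileges": ("watch", {"/etc/sudoers", "/etc/sudoers.d"}),
    "Password changes": ("watch", {"/etc/passwd", "/etc/shadow"}),
    "Kernel changes": ("syscall", {"init_module", "finit_module", "delete_module"}),
    "Permission Changes": ("syscall", {"chmod", "fchmod", "fchmodat", "chown", "fchown", "fchownat"}),
    "Connect Time Accounting": ("watch", {"/var/log/wtmp", "/var/log/btmp"}),
    "Process Accounting": ("syscall", {"execve"}),
}

# Constructed sample audit.rules content with deliberate gaps.
SAMPLE_RULES = """
# identity and privilege files
-w /etc/sudoers -p wa -k priv_esc
-w /etc/sudoers.d/ -p wa -k priv_esc
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p r -k identity
-a always,exit -F arch=b64 -S init_module,finit_module,delete_module -k modules
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -k perm_mod
-w /var/log/wtmp -p wa -k session
-a never,exit -F arch=b64 -S execve
"""

def parse_rules(text):
    """Return (paths watched for writes, syscalls audited by 'always' rules)."""
    watches, syscalls = set(), set()
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)   # drops blank and comment lines
        opts = list(zip(tokens, tokens[1:]))        # (flag, value) candidates
        path = next((v for k, v in opts if k == "-w"), None)
        perms = next((v for k, v in opts if k == "-p"), "rwxa")  # no -p means all
        action = next((v for k, v in opts if k == "-a"), "")
        if path and "w" in perms:                   # a read-only watch misses edits
            watches.add(path.rstrip("/"))
        if "always" in action.split(","):           # 'never' rules suppress events
            syscalls.update(s for k, v in opts if k == "-S" for s in v.split(","))
    return watches, syscalls

def coverage_gaps(text):
    """Map each category to the sorted list of required items the rules lack."""
    watches, syscalls = parse_rules(text)
    seen = {"watch": watches, "syscall": syscalls}
    return {cat: sorted(need - seen[kind]) for cat, (kind, need) in REQUIRED.items()}

if __name__ == "__main__":
    for category, missing in coverage_gaps(SAMPLE_RULES).items():
        print(f"{category}: {'covered' if not missing else 'missing ' + ', '.join(missing)}")
```
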