There is a minimum set of events that should be logged on UNIX-like operating systems. Typically you will need to define requirements for your specific environment and add to or modify this list accordingly.
In addition to any global operating-system or logging requirements, log the following events on UNIX and UNIX-like operating systems.
| Event | What to log |
|---|---|
| Escalation of privileges | Log who is using sudo to escalate privileges |
| Password changes | Log password changes |
| Kernel changes | Log kernel changes for potential security events |
| Permission changes | Log file permission changes that may signify a breach |
| Connect time accounting | Log connection time events |
| Process accounting | Log process related events |
| Error and administrative accounting | Log system errors and administrative events |
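As an added example (not part of the original page), a small Python parser that applies the first two categories above to auth log lines: it extracts who escalated with sudo, to which account and command, flags failed escalation attempts, and records password changes. The line formats assumed are those of sudo and pam_unix on a typical Linux syslog; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample auth.log lines (not taken from any real host).
SAMPLE_LOG = """\
Jan 10 12:00:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jan 10 12:00:07 web01 sudo: pam_unix(sudo:auth): authentication failure; logname=bob uid=1001 euid=0 tty=/dev/pts/1 ruser=bob rhost=  user=bob
Jan 10 12:00:09 web01 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jan 10 12:01:30 web01 passwd[2311]: pam_unix(passwd:chauthtok): password changed for carol
Jan 10 12:02:00 web01 sshd[2400]: Accepted publickey for alice from 10.0.0.5 port 50222 ssh2
"""

# Successful sudo: "<user> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=<cmd>"
SUDO_OK = re.compile(r" sudo:\s+(?P<who>\S+) : TTY=(?P<tty>\S+) ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
# Failed sudo: same shape but with a reason (e.g. "3 incorrect password attempts") before TTY=
SUDO_FAIL = re.compile(r" sudo:\s+(?P<who>\S+) : (?P<reason>.+?) ; TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
# pam_unix password change record written by passwd(1)
PASSWD_CHANGED = re.compile(r" passwd\[\d+\]: pam_unix\(passwd:chauthtok\): password changed for (?P<who>\S+)$")


def parse_privileged_events(log_text):
    """Return escalation and password-change events; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_OK.search(line)
        if m:
            events.append({"type": "sudo_success", "who": m["who"],
                           "target": m["target"], "cmd": m["cmd"]})
            continue
        m = SUDO_FAIL.search(line)
        if m:
            events.append({"type": "sudo_failure", "who": m["who"], "target": m["target"],
                           "cmd": m["cmd"], "reason": m["reason"]})
            continue
        m = PASSWD_CHANGED.search(line)
        if m:
            events.append({"type": "password_change", "who": m["who"]})
    return events


def summarize(events):
    """Per-user counts by event type, the view a reviewer wants from the escalation log."""
    return Counter((e["type"], e["who"]) for e in events)


if __name__ == "__main__":
    for ev in parse_privileged_events(SAMPLE_LOG):
        print(ev)
    print(summarize(parse_privileged_events(SAMPLE_LOG)))
```

The intermediate pam_unix "authentication failure" line is deliberately left unmatched; sudo's own summary line carries the user, target account and command, so that is the record worth keeping.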