Frequency of Review
Logs should be reviewed daily for unauthorized, unusual, or suspicious activity on all systems, especially those that handle intrusion detection, authentication, and authorization. This requires reviewing and verifying logs to establish baselines of normal operations, such as monitoring access and authorization (every login and logout) from the console, network, and remote access points. More frequent and routine log analysis for security often helps with early identification of system configuration errors, failures, and issues that can impact SLAs.