What constitutes "adequate" logging is highly dependent on what you are trying to protect (i.e., confidentiality of data, criticality of application, etc.) It also depends on the type of hardware (e.g., NetWare, Windows, UNIX, etc.) environment you are in. All platforms offer different logging options.
Some things I would consider are: Login failures Intruder lockouts Changes to individual or group profiles Addition or deletion of users System shutdowns and restarts Changes to file permissions (file access) Changes to security settings Any type of authority failure (e.g., a user tries to access a program or data file but is not allowed) Changes to registry (Windows) This is NOT an exhaustive list by any means. - Cliff
