just log everything
Seems like a good idea. Storage is cheap, logs help debug, and they are useful in incident response, where all information you can get your hands on matters. But logs come with their downsides. Unprotected logs are a treasure trove of information to hackers and provide deep insight into how a system works.
Everything from event logs to system logs and resource logs can and will be exploited if it falls into the wrong hands. This applies not only to external threat actors but also to insiders such as employees (whatever their motive might be). Logs should be treated like any other protected resource, and companies should follow proper access management practices to safeguard them.
There is a delicate balance between the volume of logs and their usefulness; beyond a certain point, more logs bring diminishing returns. Proper alerting should accompany logs so that they are acted on automatically rather than merely stored. Each organization will have different needs and should adopt a standard logging approach to keep management simple.
In summary, log what you need, but not needlessly, since every extra log increases the attack surface. Logs have a cost; don't pay for them with security.