Audit trails are logs that can be designed to record activity at the system, application, and user level. When properly implemented, audit trails provide an important detective control to help accomplish security policy objectives. Many operating systems allow management to select the level of auditing to be provided by the system. This determines which events will be recorded in the log. An effective audit policy will capture all significant events without cluttering the log with trivial activity. Audit trails can be used to support security objectives in three ways:
(i) Detecting unauthorized access to the system,
(ii) Facilitating the reconstruction of events, and
(iii) Promoting personal accountability.
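
The following added example (not part of the original text) applies an audit policy to a set of raw events and then uses the resulting trail for each of the three objectives above. The event names, users, policy set and failure threshold are assumptions, and the log records are constructed for illustration.

```python
from collections import Counter, defaultdict, namedtuple

Event = namedtuple("Event", "time level user event target outcome")

# Constructed sample activity at system, application and user level.
RAW_EVENTS = [
    Event("09:00:01", "user", "alice", "login", "hr-app", "success"),
    Event("09:00:05", "system", "alice", "file_read", "/tmp/cache.dat", "success"),
    Event("09:01:10", "user", "mallory", "login", "payroll-db", "failure"),
    Event("09:01:12", "user", "mallory", "login", "payroll-db", "failure"),
    Event("09:01:15", "user", "mallory", "login", "payroll-db", "failure"),
    Event("09:02:30", "application", "bob", "record_update", "payroll-db", "success"),
    Event("09:03:00", "system", "bob", "heartbeat", "payroll-db", "success"),
    Event("09:04:45", "application", "alice", "record_read", "payroll-db", "denied"),
]

# Assumed audit policy: the event types management chose to record.
# Trivial activity (cache reads, heartbeats) is left out to avoid clutter.
AUDIT_POLICY = {"login", "record_update", "record_read"}

def apply_policy(events, policy):
    """Keep only the events the audit policy marks as significant."""
    return [e for e in events if e.event in policy]

def detect_unauthorized(trail, threshold=3):
    """(i) Users with at least `threshold` failed or denied attempts."""
    fails = Counter(e.user for e in trail if e.outcome in ("failure", "denied"))
    return sorted(user for user, n in fails.items() if n >= threshold)

def reconstruct(trail, target):
    """(ii) Chronological sequence of recorded events touching one target."""
    ordered = sorted(trail, key=lambda e: e.time)
    return [(e.time, e.user, e.event, e.outcome) for e in ordered if e.target == target]

def accountability(trail):
    """(iii) Every recorded action attributed to the user who performed it."""
    by_user = defaultdict(list)
    for e in trail:
        by_user[e.user].append(f"{e.time} {e.event} {e.target} {e.outcome}")
    return dict(by_user)

if __name__ == "__main__":
    trail = apply_policy(RAW_EVENTS, AUDIT_POLICY)
    print("recorded:", len(trail), "of", len(RAW_EVENTS))
    print("suspect users:", detect_unauthorized(trail))
    for row in reconstruct(trail, "payroll-db"):
        print("payroll-db:", row)
    print("bob:", accountability(trail)["bob"])
```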