Security, medium

What security signals should you log and monitor, and why?

Tags
#logging #monitoring #security-events

Answer

Log auth events (login failures, MFA changes), privilege changes, access to sensitive data, and unusual traffic patterns. Monitor for spikes, geo-anomalies, and failed actions to detect abuse early and support incident response.

Advanced answer

Deep dive

Security logs must be actionable and privacy-aware:

  • Auth events: logins, failures, MFA enrollment/disable, token issuance.
  • Privilege events: role changes, admin actions, policy edits.
  • Data access: reads of sensitive data, exports, bulk operations.
  • Anomalies: geo-velocity, IP reputation, sudden spikes.

Examples

Minimal log schema:

{ userId, action, target, result, ip, userAgent, traceId }

Common pitfalls

  • Logging secrets or full PII in clear text.
  • No correlation IDs, so incidents cannot be traced end-to-end.
  • No alerting, so logs are only used after a breach.
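
An added example (not part of the original page) that builds events in the minimal schema above and addresses the three pitfalls: secrets are scrubbed and the user ID is pseudonymized, every event carries a traceId, and failed logins are checked against an alert rule as they are emitted. The `ts` field, the key denylist, the HMAC key and the 5-failures-in-60-seconds rule are assumptions chosen for illustration.

```python
import hashlib, hmac, json, time, uuid
from collections import defaultdict, deque

SENSITIVE_KEYS = {"password", "token", "secret", "mfa_code"}  # assumed denylist
PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: comes from a secret store in practice
FAIL_THRESHOLD, WINDOW_SECONDS = 5, 60   # assumed alert rule
_failures = defaultdict(deque)           # ip -> timestamps of recent failed logins

def pseudonymize(value):
    """Keyed hash: events stay joinable per user without logging the raw identifier."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def scrub(target):
    """Replace values of sensitive keys before the event is serialized."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else v for k, v in target.items()}

def security_event(user_id, action, target, result, ip, user_agent, trace_id=None, ts=None):
    """Build one event in the page's schema, plus a timestamp (added assumption)."""
    return {
        "ts": time.time() if ts is None else ts,
        "userId": pseudonymize(user_id),
        "action": action,
        "target": scrub(target),
        "result": result,
        "ip": ip,
        "userAgent": user_agent[:200],            # bound attacker-controlled input
        "traceId": trace_id or uuid.uuid4().hex,  # reuse the request's ID when one exists
    }

def check_alert(event):
    """Return an alert when one IP reaches FAIL_THRESHOLD failed logins inside the window."""
    if event["action"] != "login" or event["result"] != "failure":
        return None
    window = _failures[event["ip"]]
    window.append(event["ts"])
    while window and event["ts"] - window[0] > WINDOW_SECONDS:
        window.popleft()
    if len(window) >= FAIL_THRESHOLD:
        return {"alert": "failed_login_spike", "ip": event["ip"], "count": len(window), "traceId": event["traceId"]}
    return None

def emit(event):
    """Serialize as one JSON line (control characters are escaped) and return (line, alert)."""
    return json.dumps(event, sort_keys=True), check_alert(event)
```
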

Interview follow-ups

  • How do you balance privacy vs detection?
  • What events should trigger immediate paging?
  • How long should logs be retained?
