Memotiva · Security+ Flashcards: Security Operations, Monitoring, SIEM, Log Management

What types of logs should be collected for security monitoring?

Security monitoring requires logs from multiple sources. Authentication logs record login attempts, successes, and failures. Firewall logs record allowed and denied network connections. Web proxy logs record internet access and blocked sites. DNS logs record domain lookups that may indicate command and control communication. Email gateway logs record inbound and outbound messages and blocked threats. Endpoint logs record process execution, file changes, and registry modifications. Application logs record user activities and errors.
csrc.nist.gov