When managing our log sources, we must often evaluate them for their detection capabilities. We know that not all log sources are created equal, but how can we tell? Well, we can do this two ways:
First, we can see if there are any logging standards that we can hold our logs to. For example, if you are a Splunk user, you can use their CIM (Common Information Model) to define all of the pertinent data points you need to log (per Splunk's opinion).
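
One way to hold a log source to such a standard, as an added example that is not from the original post: the script measures how often each required field carries a usable value in a sample of events. The field list is a subset of Splunk's CIM Authentication data model chosen for illustration; the source names, sample events and the 90% threshold are constructed assumptions.

```python
# Added example: score log sources against a required-field list.
# AUTH_FIELDS is a subset of the Splunk CIM Authentication data model;
# which fields you require is an assumption to adapt to your detections.
AUTH_FIELDS = ["action", "app", "dest", "src", "user"]

# Placeholder values that are present but carry no information.
EMPTY = {"", "-", "unknown", "n/a"}

def field_coverage(events, fields=AUTH_FIELDS):
    """Return {field: fraction of events with a usable value}."""
    if not events:
        return {f: 0.0 for f in fields}
    coverage = {}
    for f in fields:
        filled = sum(
            1 for e in events
            if e.get(f) is not None and str(e[f]).strip().lower() not in EMPTY
        )
        coverage[f] = filled / len(events)
    return coverage

def gaps(events, fields=AUTH_FIELDS, threshold=0.9):
    """Fields populated in fewer than `threshold` of the sampled events."""
    cov = field_coverage(events, fields)
    return sorted(f for f, ratio in cov.items() if ratio < threshold)

# Constructed sample events (already parsed into field/value pairs).
SOURCES = {
    "vpn_gateway": [
        {"action": "success", "app": "vpn", "dest": "vpn01",
         "src": "198.51.100.23", "user": "alice"},
        {"action": "failure", "app": "vpn", "dest": "vpn01",
         "src": "198.51.100.77", "user": "bob"},
    ],
    "legacy_app": [
        # src is a placeholder, dest is never logged
        {"action": "failure", "app": "legacy_app", "src": "-", "user": "alice"},
        # user is missing entirely
        {"action": "success", "app": "legacy_app", "src": "192.0.2.7"},
    ],
}

if __name__ == "__main__":
    for name, events in SOURCES.items():
        print(name, field_coverage(events), "gaps:", gaps(events))
```

A field that is present but always holds a placeholder such as `-` counts as a gap here, which a simple "does the field exist" check would miss.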