Audit alarms generated for specific events can help managers identify and assess performance problems, security violations, and potential application flaws. Maintaining a history of audit alarms creates a traceable record of system activity by application and system processes and by users of these applications and systems.
Auditing can assist with:
Reconstructing events after a problem has occurred, such as a system outage
Determining when and how normal operations ceased by reviewing system activity
Verifying that the system or resources have not been adversely affected by intruders or technical problems