Logging is unfortunately an area of IoT security that has lagged behind, and innovative new approaches are needed to collect data from constrained devices and transmit that data for analysis. There are use cases where logging is made difficult due to sporadic connectivity, devices entering sleep states, and limited resources.
Design systems where IoT devices are capable of recording all access as well as specific security-related events such as failed remote access attempts (such as by SSH or web), detected tamper events, failed privilege escalation attempts, firmware updates, configuration changes, and account modifications.
Log data will likely not ...