Which of the following is a best practice for security monitoring in logging?

Effective security monitoring in logging hinges on bringing data together and keeping it trustworthy and usable for decision-making. Centralized collection lets you search and correlate events across all systems, giving you a coherent view of what happened rather than isolated scraps from individual machines. Synchronizing clocks across servers is crucial because it makes timestamps comparable; when incident timelines are stitched together, you can determine the sequence of actions accurately. Immutable storage protects logs from tampering, so you can trust the integrity of the records during investigations or audits. Defined retention periods ensure you keep enough history to investigate and meet regulatory requirements, while avoiding uncontrolled data growth. Finally, alerting on anomalies turns raw log data into timely signals, enabling rapid detection and response to suspicious activity. The other options miss one or more of these essential elements, which is why they are not suitable as best practices for security monitoring in logging.