Security logging will show you what is happening on your network, when it is happening and who is doing it. And it will provide you with evidence of those activities. With servers and domains, security logs are a standard feature and will show you who logged in, when and for how long, and will also record oother features like privilege usage. You could also turn on logging on your file systems to audit access to certain resources.
It all depends on how valuable your data and resources are - if you have a government network with sensitive data then you'll probably be logging comprehensively. But if it's a small network in a training centre that gets wiped every week then maybe not
Security Logging is used to provide details about Internet connections and other firewall activities. It is not enabled by default when a user enables the ICF on a Windows XP computer. It consists of three basic tasks, namely enabling logging, accessing the log, and reading log entries. Security Logging must be enabled to view the ICF log file information. By default, the security log file is located in \Windows\Pfirewall.log.