The logs of user activities on a Level 4 system should include the identity of the user, the user's IP address, the time and the action taken. This log is primarily for post incident analysis.See also: Level 4, Manage Servers with High Risk Confidential Information, SC7, Servers C