You gotta have logs basically so you have to stuff like failed login attempts ,people trying to attack you should have evrything and anything being logged specially in high value applications and you should be alerted if someone is scanning against you and stuff like that.You can put this on a pentest report and just send it to a employer.
Logs should only be stoed locally though.