How do you use system logs (such as Windows Event Viewer or Linux syslog) to investigate a suspected unauthorized access attempt?