10 Logging best practices
This chapter covers:
- Applying log levels to help filter and prioritize actions,
- Identifying characteristics of good logs,
- Making operational activities easier with good logs,
- Understanding the impact of legislation upon logging,
- Coding practices for improved logging.
The technology used is only as good as the log events themselves, regardless of how log entries are generated, whether applications write to stdout, stderr, OS event frameworks, or logging frameworks. To maximize the technical investment, we need to make the log events and their creation as effective as possible.
We have delved deeply into the technology, so we need to do the same for log events. This chapter will explore what should and should not be logged in terms of business data. Examine what information can make log events more helpful. With that, we'll identify some practices to help get values from the log events. The business data our systems process can be subject to a wide variety of contractual and legislative requirements. So we look at some of the better-known legislation needs, some options to mitigate their impact and some sources that can help us identify any other legislative requirements that can impact the use of logging.
10.1 Audit events vs log events
Figure 10.1 Venn diagram showing the relationship between logging and auditing.

When is an event an audit event, and when is it a log event? Let's start with defining what the two events are.