10 Logging best practices
This chapter covers:
- Applying log levels to help filter and prioritize actions,
- Identifying characteristics of good logs,
- Making operational activities easier with good logs,
- Impact of legislation upon logging,
- Coding practices for improved logging,
Irrespective of how log entries are generated, whether that is applications writing to stdout, stderr, OS event frameworks, or logging frameworks they all benefit from some core practices that will make the log event more useful, meaningful, and easier to consume.
We will explore what should and should not be logged, and the implication of logging in terms of security and legislative requirements.
10.1 Audit events vs log events
Figure 10.1 Venn diagram showing the relationship between logging and auditing.

When is an event an audit event, and when is it a log event? Let’s start with defining what the two events are.
- Audit events are typically a record of an action, event, or data state that needs to be retained to provide a formal record that may be required at some future point to help resolve an issue of compliance (such as accounting processes or security).
- Log events are a record of something that has occurred, the log event will be provided for a technical reason which may range from showing how a transaction has been handled to reporting unexpected circumstances to show how code is executing.