When building an application that uses data, it’s generally good to establish a log file to trace all critical operations. This logging is done either for regulatory purposes or to track the progress and development of a given process for future performance engineering optimization. We write to a file which is generally called an audit log. Audit logs are usually text files stored in a secure location that can result from a specific process or the output of monitoring tools put in place to ensure the proper deployment and operation of a particular process.
Audit logs can also be called audit trails. They are generally used when an outage or a security issue of a particular system has occurred. A retrospective analysis of the situation (commonly called post-mortems in Agile-based software development teams) is underway to understand the causes of the issue. Generally, these files record events and changes but can also be aggregations of streaming logs across a specific network of devices that tracks certain events.
The type of activity and change recorded depends on the nature of the audit log itself, which can have a purpose. For example, a security audit log captures all the access and changes being done in a specific database. Another type of log can be an operation audit log, in which we dump the results of transformations being done to a certain portion of data. Teams can also use logs to track the performance of operations to, later on, be used during code refactoring according to performance engineering operations.
The users that act as system administrators, SRE, InfoSec, and DevOps teams generally make the most use of these kinds of files. These teams aggregate information that can be examined to detect activity that might compromise sensitive information or can be used to provide insight into a particular behavior observed during system operations.
The log’s intended nature will also define the necessary parameters that should be written to it. For example, suppose a particular audit log is being used to track events related to events in a specific system. In that case, it is necessary to record all activity involved by this system, whether the change was successful, and who the user performed the action. This information can be later on be used to identify possible faults in the configuration of that system, security, or performance, as well as to identify points of failure that might compromise the system in the future.
It is also important to mention that these files should be stored in locations separated from the system that they are tracking and in secure locations. This is because if a system is, for example, compromised due to a security breach, the attacker cannot access the log files to cover its tracks.
Depending on the nature of the audit log, it is also essential to document and keep track of the variables being logged in well-documented templates that vary according to the application.