💡
we should ensure that all potentially significant application events generate logging entries, including those provided on this list assembled by Anton A. Chuvakin, a research VP at Gartner's GTP Security and Risk Management group: Authentication/authorization decisions (including logoff) System and data access System and application changes (especially privileged changes) Data changes, such as adding, editing, or deleting data Invalid input (possible malicious injection, threats, etc.) Resources (RAM, disk, CPU, bandwidth, or any other resource that has hard or soft limits) Health and availability Startups and shutdowns Faults and errors Circuit breaker trips Delays Backup success/failure To make it easier to interpret and give meaning to all these log entries, we should (ideally) create logging hierarchical categories, such as for non-functional attributes (e.g., performance, security) and for attributes related to features (e.g., search, ranking).