Logging - The Only Way to Know What's Happening

Your server is doing things. You don't know what. Your application is running. Is it working? Is it broken? You have no idea. That's what happens when you don't log. You're flying blind, hoping everything is fine. That's not operations. That's optimism.

No logs = no visibility = no debugging. Hope is not a strategy.

Log Levels

Not all messages are equal. Use the right level:

DEBUG - Detailed info for development
INFO - Normal operation events
WARNING - Something weird happened
ERROR - Something failed
CRITICAL - System is going down

# Syslog levels (low to high)
0: Emergency   - system is unusable
1: Alert       - action must be taken immediately
2: Critical    - critical conditions
3: Error       - error conditions
4: Warning     - warning conditions
5: Notice      - normal but significant
6: Informational - informational messages
7: Debug       - debug-level messages

System Logging

Linux has built-in logging. Use it:

# View system logs
journalctl                    # Systemd journal
tail -f /var/log/syslog      # Debian/Ubuntu
tail -f /var/log/messages    # RHEL/CentOS

# Filter by service
journalctl -u nginx
journalctl -u docker

# Filter by time
journalctl --since "1 hour ago"
journalctl --since "2026-01-01"

# Follow in real-time
journalctl -f

Application Logging

Your code should log. Here's how:

# Python
import logging
logging.basicConfig(level=logging.INFO)
logging.info("Server started on port 8080")
logging.error("Connection failed")

# Node.js
const winston = require('winston');
const logger = winston.createLogger({
  level: 'info',
  format: winston.format.json(),
  transports: [new winston.transports.File({ filename: 'app.log' })]
});
logger.info('Server started');

# Go
import "log"
log.Printf("Server started on port %d", port)
log.Fatal("Failed to start server")

Centralized Logging

When you have multiple servers, aggregate logs in one place:

# ELK Stack (Elasticsearch, Logstash, Kibana)
# Logstash receives, Elasticsearch stores, Kibana visualizes

# Loki (Grafana's logging solution)
# Much cheaper than ELK, integrates with Prometheus

# Rsyslog config for remote logging
*.* @@logserver.example.com:514

Log Rotation

Logs grow forever. That will fill your disk. Rotate them:

# /etc/logrotate.d/nginx
/var/log/nginx/*.log {
    daily           # Rotate daily
    missingok       # OK if missing
    rotate 14       # Keep 14 days
    compress        # Compress old logs
    delaycompress  # Compress after rotation
    notifempty     # Don't rotate empty
    create 0640 www-data adm  # New file permissions
}

What to Log

Log the important stuff. Not everything:

Requests - Start/end of important operations
Errors - What went wrong, stack traces
Auth - Logins, logouts, failures
Changes - Configuration modifications
Performance - Slow queries, timeouts

Don't log:

Passwords or secrets
Personal identifiable information (PII)
Every single request (too much noise)
Debug info in production

The Point

When something breaks at 3am, you don't have time to reproduce the issue. You need to look at what happened. That's what logs are for. They're your time machine. They show you the past.

Configure logging properly. Use the right levels. Rotate your logs. Store them somewhere you can search. Because the moment something goes wrong, you'll thank your past self for setting this up.