| name | logging |
| description | Implement structured, secure logging with proper levels, correlation IDs, and redaction |
Logging
Implement effective logging — structured format, appropriate levels, correlation IDs, and sensitive data protection.
When to Use
- Adding logging to new services or features
- Reviewing existing logging for security and quality
- Setting up observability infrastructure
- Debugging production issues through log analysis
Workflow
1. Choose a Structured Logger
Use a logging library that supports structured (JSON) output — not console.log.
| Language | Library |
|---|
| JavaScript/TS | pino, winston |
| Python | structlog, python-json-logger |
| Go | zerolog, zap |
| Java | SLF4J + Logback |
2. Set Log Levels
| Level | When | Example |
|---|
error | Unexpected failure | Database connection lost |
warn | Concerning but handled | Retry succeeded |
info | Business events | User registered |
debug | Dev details (off in prod) | Function parameters |
3. Include Correlation IDs
Every request should carry a unique ID through all log entries:
const requestId = req.headers['x-request-id'] || uuid()
logger.info('Order processed', { requestId, orderId, userId })
4. Redact Sensitive Data
Never log: passwords, tokens, API keys, PII, credit card numbers
logger.info('Login', { email, password })
logger.info('Login', { email, passwordProvided: !!password })
5. Configure Per-Environment
| Setting | Development | Production |
|---|
| Level | debug | info |
| Format | Pretty printed | JSON |
| Output | Console | Log aggregator |
6. Verify
Red Flags
| Signal | Action |
|---|
| Secrets appearing in logs | Add redaction immediately |
console.log in production code | Replace with structured logger |
| Debug logging enabled in production | Set level to info or higher |
| Error logged AND re-thrown | Choose one — log or throw |
Related Skills
Backing Guide