How much of your public cloud do you need to log? According to enterprise managers, everything. And why not? They have access to virtually unlimited processing and storage resources, so they turn on all logs.
Logging comes in different flavors. You can log the use of storage systems, such as Amazon Web Services' S3, log the use of databases, log the use of server instances, log the network, log security, and log governance.
Moreover, you can choose the granularity with which the logs record events. You can record everything or only certain events, such as failure to write to a disk. However, sometimes for log controls, everything is either on or off.
What I find is that most organizations simply turn logging on for everything when they're given cloud resources.
The cloud providers are certainly down with this because doing so consumes more resources and thus generates more income for them (and higher bills for you). Often, this "log it all" habit wastes resources and money, especially because those the logs are rarely read or analyzed.
How do you figure out what to log?
First, understand what needs to be logged to be compliant with regulations and legal recommendations. And understand that the laws and legal standards differ from country to country, so be sure your logging is good enough in each country you operate in to keep you out of jail.
Second, look at what meaningful events need to be tracked. System-resource failures are a good example of items you should always track. Another is data that’s out of a typical threshold (such as sales of more than $50,000). A third is anything that you should be alerted about when it happens, not only exceptions but key routine activities like a delivery of parts or a regular maintenance shutdown and restart.
Don't be lazy and log everything. It'll cost you money and drown you in data when there is a need to actually find or explore items. Instead, think through what logs would actually be used and for what purposes. That'll tell you how to spend your log dollars and time.
Sign up for Computerworld eNewsletters.