Back to Catalog
Microservices
Observability
Audit Logging
Immutable log of who did what, when — for compliance, debugging, and forensics.
Intent & Description
Real-world Use Case
User updates their payment method. Audit log records userId, action=UPDATE_PAYMENT, timestamp, old/new values (masked). Security team can reconstruct exactly what happened and when.
Source
📌 TL;DR
Audit logs are your receipts. Write every important action, keep it immutable, and you’ll never be caught empty-handed.
Advantages
- Compliance-ready out of the box (GDPR, SOC2, HIPAA)
- Forensic trail for security incidents
- Debugging aid — replay exact sequence of events
- Supports “who changed this?” queries instantly
Disadvantages
- Can generate enormous log volume at scale
- PII in audit logs needs careful masking / retention policies
- Performance impact if synchronous on every write
- Querying unstructured audit logs can be painful without good tooling