Audit logs are the bedrock of security investigations and compliance, yet implementing them effectively in production remains a challenge. We explore expert strategies for structuring immutable logs, separating them from application noise, and choosing the right tooling to avoid costly pitfalls.