Engineering · Security · 5 min read

Audit logs nobody reads (until they do)

Audit logs are useless 99% of the time and indispensable the other 1%. The trick is making sure the 1% can actually find what they need.

Audit logs are dead weight in your storage 364 days a year. On the 365th, when something goes wrong and someone needs to know who did what, they become the most important data your system has. Most audit log implementations don't survive contact with that day.

What goes wrong

  • Logs are written but never queryable in a useful way.
  • Retention is too short for the questions that get asked.
  • Logs lack the context needed to reconstruct what happened.
  • The interface is engineering-only — the compliance person who needs it can't use it.

What useful audit logs require

Structured fields, not opaque text. Per-resource queryability. Retention long enough for real investigations. A UI that someone outside engineering can use. Each of these is a small effort during design and impossible to retrofit on the day they're needed.
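
The first three requirements, as an added example that is not from the original post: events stored as structured fields in SQLite, an index that serves per-resource history, and a retention purge that shows how a short window erases the event an investigation needs. The table, column and function names and the sample events are assumptions constructed for illustration.

```python
import json
import sqlite3
from datetime import datetime, timedelta, timezone

SCHEMA = """
CREATE TABLE audit_events (
    id INTEGER PRIMARY KEY,
    ts TEXT NOT NULL,             -- UTC ISO 8601, sorts correctly as text
    actor TEXT NOT NULL,          -- who
    action TEXT NOT NULL,         -- did what
    resource_type TEXT NOT NULL,  -- to what kind of thing
    resource_id TEXT NOT NULL,    -- to which one
    context TEXT NOT NULL);       -- JSON: source IP, before/after values
CREATE INDEX audit_by_resource ON audit_events (resource_type, resource_id, ts);
"""

def stamp(ts):
    """Normalize a timezone-aware datetime to UTC ISO 8601 text."""
    return ts.astimezone(timezone.utc).isoformat(timespec="seconds")

def record(conn, ts, actor, action, rtype, rid, **context):
    conn.execute("INSERT INTO audit_events VALUES (NULL, ?, ?, ?, ?, ?, ?)",
                 (stamp(ts), actor, action, rtype, rid, json.dumps(context)))

def history(conn, rtype, rid):
    """Everything that happened to one resource, oldest first."""
    rows = conn.execute(
        "SELECT ts, actor, action, context FROM audit_events"
        " WHERE resource_type = ? AND resource_id = ? ORDER BY ts, id", (rtype, rid))
    return [{"ts": t, "actor": a, "action": act, "context": json.loads(c)}
            for t, a, act, c in rows]

def purge(conn, now, retention_days):
    """Delete events older than the retention window; returns rows removed."""
    cutoff = stamp(now - timedelta(days=retention_days))
    return conn.execute("DELETE FROM audit_events WHERE ts < ?", (cutoff,)).rowcount

def sample_store():
    # Constructed events: an admin grant, then exports 200 days later.
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    t0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
    record(conn, t0, "alice", "role.grant", "account", "acct-17",
           role="admin", source_ip="203.0.113.5")
    record(conn, t0 + timedelta(days=200), "bob", "export", "account", "acct-17", rows=5000)
    record(conn, t0 + timedelta(days=201), "bob", "export", "account", "acct-42", rows=12)
    return conn, t0 + timedelta(days=400)  # store, and the day someone investigates
```

With a 365-day window the purge on the investigation day removes the `role.grant` event, so the history for `acct-17` shows the export but not who granted the access that preceded it.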

Audit logs are insurance. Make sure the policy actually pays out before you need to file.
