If the framework or language has a structured exception handler (i.e. try/catch), it should be used in preference to functional error handling.
Logs should be written so that the log file attributes are such that only new information can be written (older records cannot be rewritten or deleted).
If production code can produce debug messages, debug mode should be triggered by editing a file or configuration option on the server.
In particular, enabling debug should not be an option in the application itself.
All logging components should be synced with a time server so that all logging can be consolidated effectively without latency errors.
This time server should be hardened and should not provide any other services to the network.
Logs are useful in reconstructing events after a problem has occurred, security-related or not.
Production code should not be capable of producing debug messages.
Code that covers 100% of errors is extraordinarily verbose and difficult to read, and can contain subtle bugs and errors in the error handling code itself.
Motivated attackers like to see error messages, as they might leak information that leads to further attacks or may leak privacy-related information.
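The following is an added example, not code from the original guide: a Python request wrapper that uses structured exception handling, writes the error detail only to the server log, returns a generic message with a reference to the user, and takes its debug state only from server-side configuration. The names SERVER_CONFIG, debug_enabled, handle and lookup_account, and the sample path, are assumptions made for illustration.

```python
import io
import json
import logging
import uuid

# Constructed server-side configuration; in a deployment this would be a file
# that only the service account can edit (an assumption, not from the guide).
SERVER_CONFIG = '{"debug": false}'

def debug_enabled(config_text=SERVER_CONFIG):
    """Debug state comes only from server-side configuration."""
    return json.loads(config_text).get("debug") is True

def handle(params, action, logger, debug=False):
    """Run action(params); on failure log the detail, return a generic error."""
    # Request data such as params["debug"] is deliberately never consulted.
    try:
        return {"status": 200, "body": action(params)}
    except Exception as exc:
        ref = uuid.uuid4().hex[:12]  # lets support match a report to the log entry
        # %r escapes newlines, so request data echoed in the exception text
        # cannot forge extra log lines. The stack trace is logged only in debug.
        logger.error("ref=%s error=%r", ref, exc, exc_info=debug)
        return {"status": 500, "body": "An internal error occurred. Reference: " + ref}

def lookup_account(params):
    """Constructed failing action whose exception text names an internal path."""
    raise FileNotFoundError("/srv/app/data/accounts.db missing for id " + params["id"])

def demo():
    """Return (response, log_text) for a request that tries to switch debug on."""
    buf = io.StringIO()
    logger = logging.getLogger("app.errors.demo")
    logger.handlers = [logging.StreamHandler(buf)]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    response = handle({"id": "42", "debug": "1"}, lookup_account, logger, debug_enabled())
    return response, buf.getvalue()

if __name__ == "__main__":
    resp, log_text = demo()
    print(resp)
    print(log_text, end="")
```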
Be sure to keep logs safe and confidential even when backed up.
Logs can be fed into real time intrusion detection and performance and system monitoring tools.