DevOps at a big company is a full-time job for a full team. At a 3-person startup, it’s 10% of one engineer’s time. Here’s how to set up log monitoring that actually works at that scale.
Rule 1: Log at boundaries, not inside logic
Don’t log every function call. Log at the boundaries of your system:
- HTTP request received / response sent
- External API call made / response received
- Background job started / completed / failed
- Authentication events
This keeps log volume low and keeps logs meaningful.
Bad:
function processUser(user) {
console.log('Processing user'); // noise
const result = transform(user);
console.log('Done processing'); // noise
return result;
}Good:
app.post('/users', async (req, res) => {
log.info('User created', { userId: user.id, plan: user.plan });
res.json(user);
});Rule 2: Always use structured JSON
Never log plain strings. Always log JSON objects. This is the single highest-ROI change you can make to your logging setup.
// Bad
console.log('User 123 signed up with email [email protected]');
// Good
log({ level: 'info', event: 'user.signup', userId: '123', email: '[email protected]' });Structured logs let you filter by any field instantly. Plain string logs require regex and guesswork.
Rule 3: Set up two alerts only
Don’t build 20 alerts on day one. You’ll tune them for weeks and still get alert fatigue. Start with exactly two:
- Error rate spike — alert when error rate exceeds 5% over 5 minutes
- Complete silence — alert when you receive zero logs for 15 minutes (the service is down)
These two catch 90% of real incidents. Add more after you’ve learned your system’s normal behavior.
Rule 4: Keep 7 days hot, archive the rest
Hot storage (fast, queryable) is expensive. Archive storage (cold, cheap) is not. Keep 7 days in your primary database and move older logs to blob storage (S3, R2).
Most post-mortems happen within 48 hours. 7 days gives you plenty of runway without paying for months of hot storage.
Rule 5: Use one log destination
The temptation is to log to console AND a log service AND a database. Don’t. Pick one destination and log everything there. Multiple destinations create consistency problems (which one has the real logs?) and double your costs.
Practical checklist
- Structured JSON logging (not strings)
- Service name on every log event
- Request ID / trace ID for correlation
- Error rate alert
- Silence alert
- 7-day hot retention policy
- Single log destination
That’s it. Don’t overthink it.
What ScryWatch does for you
ScryWatch handles rules 4 and 5 automatically: 7-day hot retention with automatic R2 archival, and a single API endpoint for all log ingestion. You implement rules 1, 2, and 3 in your code — we handle the infrastructure.