An audit log is a useful way of observing actions that are being performed in a system. A useful application of this concept is recording important administrative actions that are being performed on a system, such as a security audit log. You typically want reasonable retention for recording these events, and when done correctly, can be a useful way to query for key modifications that have occurred in the system.
This should be captured where ever the work is being performed. In this case, it does not necessarily need to contain the information that leads execution of the event, and can for example be contained within the functions that perform the work.
Every action that is taken and it’s corresponding outcome should be considered a unit of work.
Typically, you want to isolate audit log type events from other events that may occur in your system, such as system calls mentioned above. It will be useful to examine the audit log once in a while to see if it provides you sufficient information to identify the action that is being executed.