You are responsible for the logging and monitoring path for a production application that handles sensitive customer and operational data. The current setup is fragmented across application logs, infrastructure metrics, and alerting, and incidents have been hard to investigate because signals are incomplete or delayed. You also need to make sure the logging path itself does not expose sensitive data or become a new reliability bottleneck.
How would you design a scalable logging and monitoring solution for this system? Be explicit about the trust boundaries, the controls you would put in place to protect log data, and how you would verify that detection and alerting actually work.