Observability for MCP Integrations: Logs, Tracing, and Auditing

Monitor and audit MCP usage effectively. This ops guide covers recommended log fields (tool name, user, timestamp, status), alerting on spikes, and reviewing write actions safely to maintain visibility and security.

Recommended Log Fields

Log these fields for every MCP tool call:

Essential Log Fields

  • tool_name: Which MCP tool was called (e.g., list_tasks, create_task)
  • user: User identifier (API key name, user ID, or client identifier)
  • timestamp: When the tool call occurred (ISO 8601 format)
  • status: Success or failure (success, error, timeout)
  • duration_ms: How long the call took in milliseconds
  • error_code: Error code if failed (401, 403, 400, 429, etc.)

Example Log Entry

{
  "tool_name": "list_tasks",
  "user": "api_key_cursor_laptop",
  "timestamp": "2026-01-25T10:30:00Z",
  "status": "success",
  "duration_ms": 245,
  "project_id": "proj_123",
  "filters": {"status": "open", "due_date": "this_week"}
}

This format: Structured, searchable, includes context

Logging Write Operations

Write operations require additional logging:

Write Operation Log Fields

  • operation_type: create, update, delete
  • resource_id: Task ID, project ID, etc.
  • before_state: Previous state (for updates)
  • after_state: New state (for creates/updates)
  • user_confirmation: Whether user approved the operation

Example Write Log Entry

{
  "tool_name": "update_task",
  "user": "api_key_claude_desktop",
  "timestamp": "2026-01-25T10:35:00Z",
  "status": "success",
  "operation_type": "update",
  "resource_id": "task_456",
  "before_state": {"status": "open"},
  "after_state": {"status": "in_progress"},
  "user_confirmation": true,
  "duration_ms": 180
}

This format: Full audit trail for write operations

Alerting on Spikes

Set up alerts for unusual patterns:

Recommended Alerts

  • Error rate spike: Alert if error rate exceeds 10% in 5 minutes
  • Tool call volume: Alert if calls exceed 100/minute (possible loop)
  • Write operation spike: Alert if writes exceed 20/minute (unusual activity)
  • Rate limit hits: Alert on any 429 rate limit errors
  • Auth failures: Alert on multiple 401/403 errors (possible key issue)

Alert Configuration Example

Alert Rules

# Example alert rules (pseudo-code)
- Alert if error_rate > 10% in 5min window
- Alert if tool_calls > 100/min for same user
- Alert if write_operations > 20/min
- Alert on any 429 rate_limit errors
- Alert if 401_errors > 3 in 1min (possible key issue)

Benefits: Early detection of issues, security monitoring, performance tracking
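
The alert rules above, written out as a sliding-window evaluator over JSON log lines. This is an added example, not part of the original guide; the rule names, the MIN_SAMPLE floor on the error-rate rule, and the sample log data are assumptions of this example.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

MIN_SAMPLE = 20  # assumption, not from the page: skip error-rate checks on tiny samples
ONE_MIN, FIVE_MIN = timedelta(minutes=1), timedelta(minutes=5)

def _push(window, ts, span, item=None):
    """Append to a time-ordered window, then evict entries older than span."""
    window.append((ts, item))
    while ts - window[0][0] >= span:
        window.popleft()
    return window

def evaluate(log_lines):
    """Apply the alert rules above to JSON log lines; return {(rule, subject)}."""
    events = [json.loads(line) for line in log_lines]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["timestamp"].replace("Z", "+00:00"))
    events.sort(key=lambda e: e["ts"])
    calls, writes, auth, per_user = deque(), deque(), deque(), defaultdict(deque)
    alerts = set()
    for e in events:
        ts, user, code = e["ts"], e["user"], e.get("error_code")
        recent = _push(calls, ts, FIVE_MIN, e["status"] != "success")
        errors = sum(failed for _, failed in recent)
        if len(recent) >= MIN_SAMPLE and errors / len(recent) > 0.10:
            alerts.add(("error_rate", "all"))       # > 10% errors in 5 minutes
        if len(_push(per_user[user], ts, ONE_MIN)) > 100:
            alerts.add(("call_volume", user))       # > 100 calls/min, same user
        is_write = e.get("operation_type") in ("create", "update", "delete")
        if is_write and len(_push(writes, ts, ONE_MIN)) > 20:
            alerts.add(("write_spike", "all"))      # > 20 writes/min
        if code == 429:
            alerts.add(("rate_limited", user))      # any 429
        if code == 401 and len(_push(auth, ts, ONE_MIN)) > 3:
            alerts.add(("auth_failures", "all"))    # > 3 401s in 1 minute
    return alerts

def sample_logs():
    """Constructed sample data: 25 updates in 25 s, then four 401s and one 429."""
    base = datetime(2026, 1, 25, 10, 0, 0)
    def line(sec, user, **extra):
        rec = {"tool_name": "update_task", "user": user, "status": "success",
               "timestamp": (base + timedelta(seconds=sec)).isoformat() + "Z"}
        return json.dumps({**rec, **extra})
    logs = [line(i, "api_key_a", operation_type="update") for i in range(25)]
    logs += [line(30 + i, "api_key_b", status="error", error_code=401) for i in range(4)]
    logs.append(line(40, "api_key_b", status="error", error_code=429))
    return logs
```

Calling evaluate(sample_logs()) returns the set of rules that fired on the constructed data; the write-spike rule fires on the 21st write inside one minute, not the 20th.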

Reviewing Write Actions Safely

Regularly review write operations for security and accuracy:

Write Action Review Checklist

  • Daily review: Review all write operations from previous day
  • Focus on deletes: Pay special attention to delete operations
  • Check confirmations: Verify user_confirmation was true for writes
  • Review errors: Investigate any failed write operations
  • User patterns: Look for unusual patterns per user

Review Query Example

Daily Write Review

-- Query for daily review
-- "user" is quoted: unquoted, PostgreSQL reads user as the current session user
SELECT tool_name, "user", operation_type, resource_id, timestamp, status, user_confirmation
FROM mcp_logs
WHERE operation_type IN ('create', 'update', 'delete')
  AND timestamp >= NOW() - INTERVAL '1 day'
ORDER BY timestamp DESC;

This query: Shows all write operations from last 24 hours

Monitoring Setup

Log Aggregation

Recommended Setup

  • Centralized logging: Aggregate logs from all MCP clients
  • Structured format: Use JSON logs for easy parsing
  • Retention: Keep logs for at least 90 days (compliance)
  • Search capability: Enable full-text search on log fields
  • Dashboards: Create dashboards for key metrics

Key Metrics to Track

Monitoring Metrics

  • Tool call volume: Calls per hour/day by tool
  • Error rate: Percentage of failed calls
  • Response time: Average and p95 latency
  • Write operations: Count of create/update/delete per day
  • User activity: Tool calls per user/client
  • Rate limit hits: Frequency of 429 errors

Audit Trail

Maintain comprehensive audit trails:

Audit Requirements

  • Immutable logs: Logs should not be modifiable after creation
  • Complete context: Include all relevant fields for each operation
  • User attribution: Always log which user/client made the call
  • Before/after state: For updates, log both states
  • Retention policy: Define how long to keep audit logs

Best Practices

Observability Best Practices

  • Log everything: Log all tool calls, not just errors
  • Structured logging: Use JSON format for easy parsing
  • Include context: Log relevant IDs, filters, parameters
  • Set up alerts: Configure alerts for anomalies
  • Regular reviews: Review write operations daily/weekly
  • Dashboard visibility: Create dashboards for key metrics
  • Retention compliance: Follow data retention requirements
