Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Remove debug log files before deploying the application into production.
Protect log files against unauthorized read/write.
Adjust configurations appropriately when software is transitioned from a debug state to production.