There are different kinds of logs you may want/need for your application. Your language runtime and operating system are probably already creating error logs for issues encountered in the code or runtime environment – things like referencing a PHP variable that was never defined. Your software may want to log additional things to the system error log or a separate log when it recognizes an invalid state, like bad or missing data.
Other logs are informational, and track activity for the purpose of debugging or statistics. Your web server's access log is a great example. You can track activity, memory usage, third-party API request timings or timeouts…anything that would help your developers improve the software or help any other stakeholders make informed decisions about how it's used.
Another important type of log is an audit log, sometimes called a compliance log. Some contracts or regulations may call for detailed logging of certain activities, such as logins and credit card transactions. Your stakeholders may want to track admin activity so they know who's responsible if someone does something they're not supposed to.
One important thing to keep in mind when logging – especially compliance logs: don't include personally identifying information (PII) in logs, because your log files probably aren't stored with the same security standards as the rest of your data.
Logging doesn't come free. It's an I/O operation. So, don't write more information than you need, and regularly review what your software is logging to make sure it's still relevant. You may have started logging something in response to an incident five years ago, and that information really isn't relevant anymore.
If your software is running on multiple servers, consider aggregating your logs into a central store like Splunk that lets you view and evaluate activity across all your hardware.