Debugging/security logs are probably one of the last things that I'd want to hand over to customers without some serious scrubbing first. Either on purpose or accidentally (backtraces, var dumps) I've found things that I wouldn't want turned over to customers (passwords, access tokens, etc.) in logs of various project I've worked on. That var dump on a random object that was put in when tracking down some issue that could only reproduce on production seems innocent enough until someone adds an object to that one and all of a sudden the logs have passwords/account balances/etc. in them. Even if you are scrubbing them, handing over the debug/security logs just seems to introduce too large a point where you could accidentally leak information. The safe solution is to build out logging as a feature and then I completely agree with patio11 that if you need audit trails etc. you're in the enterprise game now and it (rightfully so) comes with a price tag to match.
