As part of my course project I'm trying to understand various security frameworks and best practices.

One of the very popular approach is to maintain Logs. My question is about the security of the log file itself. Since most of the logs provide a clear trace of how the application handles errors, how secure is a log file?

Can a hacker inject malicious code in a log file? What are the ways to secure a log file if it creates a vulnerability (May be encoding, but then how effective it can be)?

Lastly, is it worth spending huge amounts of time, energy and money on securing logs?