Where should an /opt package write logs?

I would place them in /var/log/package_name; it satisfies the principle of least surprise better than /var/opt/package_name/log. I don't have a citation for this; it simply matches where I'd look for logs.

I might also forego writing my own log files, and instead log to syslog with an appropriate tag and facility; if I'm looking for clean integration with established analysis tools, I don't believe I can do better for a communications channel:

• Every generic tool with "log analysis" as a listed feature already watches syslog.
• Log file release and rotation semantics are handled for me; I don't have to set up a mechanism for logrotate to tell me to let go of the file and open a new one. I don't even have to tell logrotate about new files to rotate!
• Offloading logs to central logging servers is handled for me, if the site demands it; Existing established tools like rsyslog will be in use if needed, so I don't have to contemplate implementing that feature myself.
• Access controls (POSIX and, e.g. SELinux) around the log files are already handled, so I don't need to pay as much attention to distribution-specific security semantics.

Unless I'm doing some custom binary format for my log and even then, I prefer syslog-friendly machine-parseable text formats like JSON. I have a hard time justifying my own separate log files; analysis tools already watch syslog like a hawk.

As you are following the FHS conventions for your package configuration files, you should be consistent and store the log files in /var/opt/package_name/log.

The FHS states:

Variable data of the packages in /opt must be installed in /var/opt/

and also states

No other package files may exist outside the /opt, /var/opt, and /etc/opt hierarchies except for those package files that must reside in specific locations within the filesystem tree in order to function properly. For example, device lock files must be placed in /var/lock and devices must be located in /dev.

Having the log files under /var/opt doesn't prevent the package to function properly so using /var/log instead clearly violates the standard.

It is unclear what you mean by "is this discoverable?" as you custom logs are likely to be handled by custom tools anyway but assuming a generic tool is designed to process them, it should explore the standard location for unbundled packages like yours.

Note that syslog is a useful facility to centralize and tune the logging configuration but doesn't fully solve the issue about where to store logs when you have to do it in plain files with a well known path. Some files sometimes stored in an application log directory are designed to be accessible using their expected path by the application itself or by associated programs, for example a file storing a process ID, so syslog won't work for them.