During the Security/Logging meeting on 01/22/2019 (notes captured in https://wikitech.wikimedia.org/wiki/Security/logging) a request was made to review and improve the logging and auditing capabilities of the LDAP directory servers used by WMF infrastructure. This is a parent task to review possible solutions and track progress.
A first stab at the steps involved:
- Describe events that should be logged
- Review possible changes to the directory servers to generate needed audit logs
- Ensure that the logs are written and shipped in a durable way, such that they can be relied on when needed in the future
- Define retention period for this log type
- Parse logs to generate actionable alerts where appropriate