We don't want to always log request PII such as IP or user agent (e.g. we don't want to have enough information in the logs to track a reader), but we want to log them for various security-sensitive or abuse-prone actions such as login. Currently this is happening in a very ad hoc fashion, which leads to a lot of code duplication, and inconsistencies (e.g. different names for the same data in the PSR-3 context, which then makes it very annoying to build dashboards).
Description
Description
Details
Details
Related Changes in Gerrit:
Customize query in gerrit
Related Objects
Related Objects
- Mentioned In
- T412396: Pass through information about the client from the CDN to MediaWiki to Logstash
T407219: Enrich MediaWiki logs with IP reputation data in Logstash
T410878: wmfGetPrivilegedGroups is slow
T353339: Add support for dynamic placeholder replacement in logger.
T397754: Consider using Elastic Common Schema (ECS) in MediaWiki PSR-3 logs
T364705: Provide AbuseFilter condition for revertrisk threshold
T387600: IP Auto-reveal: Agree and implement metrics and instrumentation plan - Mentioned Here
- T406430: Bot password causing "No user provided and provider cannot set user" log entries
T406431: Bad OAuth request from {ip}
T406434: CentralAuthTokenSessionProvider::provideSessionInfo: centralauthtoken is invalid
rEPOP116363325dea: Update patch set 1
T397754: Consider using Elastic Common Schema (ECS) in MediaWiki PSR-3 logs
rESCR11601571a6bd: Update patch set 1
T364705: Provide AbuseFilter condition for revertrisk threshold
T387600: IP Auto-reveal: Agree and implement metrics and instrumentation plan
rMEXT116013838039: Updated mediawiki/extensions Project: mediawiki/extensions/DonationInterface…
T234565: Standardize the logging format
Event Timeline
Comment Actions
Some examples of what's logged currently (per this search:
- WebProcessor (added to all logs): url, http_method, referrer, reqId, ip (not the real IP though)
- RateLimiter: name, ip
- action API feature usage: username, clientip, agent, referer
- AuthManager: user, clientip
- SpamRegexConstraint in EditPage: ip
- ChronologyProtector: clientIP, clientAgent
- SessionManager / SessionBackend: clientip, user, userAgent
- OATH: user / clientip
- goodpass/badpass in Wikimedia config: name, user group / privilege information, clientip, xff, ua, geocookie
- CentralAuth login: user, clientip, ua
- IPReputation: ip
- EmailAuth: user, ua, ip
- EmailAuth (in WikimediaEvents): user, ua, ip, group / LoginNotify / IPoid / geocookie / 2FA / activity info
- LoginNotify: name, ip / clientip, ua, xff, geocookie
- OAuth: user, clientip
- ConfirmEdit: user, clientip, ua
- StopForumSpam: user, clientip
Comment Actions
https://doc.wikimedia.org/ecs/ contains a spec for most of these fields (xff and geocookie are not in ECS), so I think we could follow the ECS guidance for these.
Comment Actions
Change #1130543 had a related patch set uploaded (by Kosta Harlan; author: Máté Szabó):
[mediawiki/core@master] logger: Add client IP to logger context
Comment Actions
Change #1150677 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[mediawiki/core@master] [WIP] Unify logging of IP / user agent / etc on sensitive operations
Comment Actions
Change #1153618 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[mediawiki/extensions/CentralAuth@master] Add global existence info on GetSecurityLogContext hook
Comment Actions
Change #1153626 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[operations/mediawiki-config@master] Use GetSecurityLogContext hook for goodpass/badpass logging
Comment Actions
Ref: T234565: Standardize the logging format
I seem to recall a MediaWiki-specific subtask for that project which was declined, but I can't find anything like that so maybe I'm confabulating.
Anyway I think that's worth a separate task and a bigger discussion.
Comment Actions
Change #1150677 merged by jenkins-bot:
[mediawiki/core@master] Unify logging of IP / user agent / etc on sensitive operations
Comment Actions
Change #1153618 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Add global existence info on GetSecurityLogContext hook
Comment Actions
Change #1153626 merged by jenkins-bot:
[operations/mediawiki-config@master] Use GetSecurityLogContext hook for goodpass/badpass logging
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-17T13:10:37Z] <tgr@deploy1003> Started scap sync-world: Backport for [[gerrit:1153626|Use GetSecurityLogContext hook for goodpass/badpass logging (T395204)]]
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-17T13:12:47Z] <tgr@deploy1003> tgr: Backport for [[gerrit:1153626|Use GetSecurityLogContext hook for goodpass/badpass logging (T395204)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.
Comment Actions
Change #1160138 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[operations/mediawiki-config@master] Fix GetSecurityLogContext hook declaration
Comment Actions
Change #1160138 merged by jenkins-bot:
[operations/mediawiki-config@master] Fix GetSecurityLogContext hook declaration
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-17T13:23:13Z] <tgr@deploy1003> Started scap sync-world: Backport for [[gerrit:1160138|Fix GetSecurityLogContext hook declaration (T395204)]]
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-17T13:25:26Z] <tgr@deploy1003> tgr: Backport for [[gerrit:1160138|Fix GetSecurityLogContext hook declaration (T395204)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-17T13:35:00Z] <tgr@deploy1003> Finished scap sync-world: Backport for [[gerrit:1160138|Fix GetSecurityLogContext hook declaration (T395204)]] (duration: 11m 47s)
Comment Actions
Change #1160147 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[operations/mediawiki-config@master] Revert "Use GetSecurityLogContext hook for goodpass/badpass logging"
Comment Actions
Change #1160147 merged by jenkins-bot:
[operations/mediawiki-config@master] Revert "Use GetSecurityLogContext hook for goodpass/badpass logging"
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-17T13:43:20Z] <tgr@deploy1003> Started scap sync-world: Backport for [[gerrit:1160147|Revert "Use GetSecurityLogContext hook for goodpass/badpass logging" (T395204)]]
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-17T13:45:32Z] <tgr@deploy1003> tgr: Backport for [[gerrit:1160147|Revert "Use GetSecurityLogContext hook for goodpass/badpass logging" (T395204)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-17T13:50:36Z] <tgr> broke login for ~30 min by deploying the wrong patch (T395204)
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-17T13:53:45Z] <tgr@deploy1003> Finished scap sync-world: Backport for [[gerrit:1160147|Revert "Use GetSecurityLogContext hook for goodpass/badpass logging" (T395204)]] (duration: 10m 24s)
Comment Actions
Change #1160157 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[operations/mediawiki-config@master] Reapply "Use GetSecurityLogContext hook for goodpass/badpass logging"
Comment Actions
Change #1160157 merged by jenkins-bot:
[operations/mediawiki-config@master] Reapply "Use GetSecurityLogContext hook for goodpass/badpass logging"
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-23T21:01:54Z] <kharlan@deploy1003> Started scap sync-world: Backport for [[gerrit:1163004|Reapply "ores: Disable AbuseFilter integration by default" (T364705)]], [[gerrit:1155725|Configure event stream for IP auto-reveal instrument (T387600)]], [[gerrit:1160157|Reapply "Use GetSecurityLogContext hook for goodpass/badpass logging" (T395204)]]
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-23T21:04:28Z] <kharlan@deploy1003> kharlan, tgr, tchanders: Backport for [[gerrit:1163004|Reapply "ores: Disable AbuseFilter integration by default" (T364705)]], [[gerrit:1155725|Configure event stream for IP auto-reveal instrument (T387600)]], [[gerrit:1160157|Reapply "Use GetSecurityLogContext hook for goodpass/badpass logging" (T395204)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-23T21:16:46Z] <kharlan@deploy1003> Finished scap sync-world: Backport for [[gerrit:1163004|Reapply "ores: Disable AbuseFilter integration by default" (T364705)]], [[gerrit:1155725|Configure event stream for IP auto-reveal instrument (T387600)]], [[gerrit:1160157|Reapply "Use GetSecurityLogContext hook for goodpass/badpass logging" (T395204)]] (duration: 14m 51s)
Comment Actions
Change #1163633 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):
[operations/mediawiki-config@master] Pass SecurityLogContext to logger
Comment Actions
Change #1163633 merged by jenkins-bot:
[operations/mediawiki-config@master] Pass SecurityLogContext to logger
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-25T08:15:41Z] <kharlan@deploy1003> Started scap sync-world: Backport for [[gerrit:1163633|Pass SecurityLogContext to logger (T395204)]]
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-25T08:17:53Z] <kharlan@deploy1003> kharlan: Backport for [[gerrit:1163633|Pass SecurityLogContext to logger (T395204)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-06-25T08:28:01Z] <kharlan@deploy1003> Finished scap sync-world: Backport for [[gerrit:1163633|Pass SecurityLogContext to logger (T395204)]] (duration: 12m 19s)
Comment Actions
Change #1130543 abandoned by Kosta Harlan:
[mediawiki/core@master] logger: Add client IP to logger context
Comment Actions
Change #1199471 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):
[mediawiki/core@master] WebRequest::getSecurityLogContext: Log if user is a bot
Comment Actions
Change #1227265 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):
[mediawiki/core@wmf/1.46.0-wmf.11] WebRequest::getSecurityLogContext: Log if user is a bot
Comment Actions
Change #1199471 merged by jenkins-bot:
[mediawiki/core@master] WebRequest::getSecurityLogContext: Log if user is a bot
Comment Actions
Change #1227265 merged by jenkins-bot:
[mediawiki/core@wmf/1.46.0-wmf.11] WebRequest::getSecurityLogContext: Log if user is a bot
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2026-01-15T09:27:47Z] <kharlan@deploy2002> Started scap sync-world: Backport for [[gerrit:1227265|WebRequest::getSecurityLogContext: Log if user is a bot (T395204)]]
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2026-01-15T09:29:53Z] <kharlan@deploy2002> kharlan: Backport for [[gerrit:1227265|WebRequest::getSecurityLogContext: Log if user is a bot (T395204)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2026-01-15T09:36:51Z] <kharlan@deploy2002> Finished scap sync-world: Backport for [[gerrit:1227265|WebRequest::getSecurityLogContext: Log if user is a bot (T395204)]] (duration: 09m 04s)