I set up a draft documentation page:
Application Security Logging
It is based on the events listed in the OWASP Logging Vocabulary Cheat Sheet: Logging Vocabulary - OWASP Cheat Sheet Series
It includes a <logger name="xxx" level="xxx"/> code snippet for each logger configuration that needs to be set in the logback.xml file to comply with the OWASP recommendations.
I would appreciate some help with this draft, as monitoring XWiki from a security perspective isn’t exactly straightforward (hopefully just for me) 