
Expand and document logging behavior, especially for message and authentication events

Open myuseraccount opened this issue 2 years ago • 0 comments

At the very least, an application with authentication should be able to log authentication events. (It's called "logging in" for a reason.) There doesn't seem to be a way to enable this with the application as designed. I need this in order to use Fail2ban, which monitors logfiles and uses the firewall to block addresses with repeated login failures.

Monica uses the Monolog logging library. There appears to be some level of customizing designed into the app, as shown in config/logging.php: there are variables to set a different log mechanism ("channel" and "driver") used by Monolog. It would seem that adding the following variables to .env would change logging to send to another host running a syslog-compatible service:

LOG_CHANNEL=papertrail
PAPERTRAIL_URL=192.168.0.10 # why is this called a URL? should it be syslog://loghostname instead?
PAPERTRAIL_PORT=514

However, testing this is difficult at best, as very few events in the application cause it to log anything whatsoever. The only log entry I have is from days ago, when I tried to load my large .vcf contacts list, and it failed with a timeout. This lack of logging impacts people trying to debug other issues, such as email configuration (see issue #1436). It also doesn't appear that setting APP_DEBUG=true has any effect on logging behavior.

I'd like to see the following:

  • config variable for logging verbosity (log more or fewer event types)
  • logging of the following events (based on the above verbosity setting):
    • email queued
    • email sent, with SMTP result
    • user signup attempted, with source IP address
    • user signup completed
    • user login success, with source IP
    • user login failure, with source IP
    • MFA verification failure, with source IP
    • MFA authenticator added/removed, with source IP
  • documentation of logging configuration options, both existing in config/logging.php and the suggested variable to control verbosity of logging

myuseraccount Oct 13 '22 18:10
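What the requested login-failure and MFA-failure entries would let a Fail2ban-style monitor do, as an added example that is not part of the original issue or of Monica's code. The log line format and the `auth.*` event names are assumptions (Monica does not emit them), the sample lines are constructed, and `maxretry`/`findtime` are named after the Fail2ban options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in an assumed Monolog-style layout; the "auth.*"
# and "mail.*" messages and the "ip" context key are hypothetical.
SAMPLE_LOG = """\
[2022-10-13 18:00:01] production.WARNING: auth.login_failure {"ip":"203.0.113.7","email":"a@example.org"}
[2022-10-13 18:00:05] production.INFO: auth.login_success {"ip":"198.51.100.4","email":"b@example.org"}
[2022-10-13 18:00:09] production.WARNING: auth.login_failure {"ip":"203.0.113.7","email":"a@example.org"}
[2022-10-13 18:00:30] production.WARNING: auth.mfa_failure {"ip":"203.0.113.7","email":"a@example.org"}
[2022-10-13 18:20:00] production.WARNING: auth.login_failure {"ip":"198.51.100.4","email":"b@example.org"}
[2022-10-13 18:20:02] production.INFO: mail.sent {"to":"b@example.org","smtp":"250 OK"}
"""

# Anchored at line start, with the address as the first context key, so a
# user-supplied field later in the line cannot pose as the source address.
FAIL_RE = re.compile(
    r'^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] \S+\.WARNING: '
    r'auth\.(?:login|mfa)_failure \{"ip":"(?P<host>[0-9a-fA-F:.]+)"'
)

def addresses_to_ban(log_text, maxretry=3, findtime=600):
    """Return source addresses with >= maxretry failures inside findtime seconds."""
    recent = defaultdict(deque)   # address -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # successes and unrelated events are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["host"]]
        window.append(ts)
        # Drop failures that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

if __name__ == "__main__":
    print(addresses_to_ban(SAMPLE_LOG))
```

Without the source IP on each failure line there is nothing for the `host` group to capture, which is why the issue asks for it on every authentication event.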