Solr needs a well defined plugin point to implement audit logging functionality, which is independent from whatever AuthenticationPlugin or AuthorizationPlugin are in use at the time.
It seems reasonable to introduce a new plugin type AuditLoggerPlugin. It could be configured in solr.xml or it could be a third type of plugin defined in security.json, i.e.
We could then instrument SolrDispatchFilter to the audit plugin with an AuditEvent at important points such as successful authentication:
We will mark the impl as @lucene.experimental in the first release to let it settle as people write their own plugin implementations.