The idea is to have a specific atlassian-jira-security.log that contains important events such as user logged in, logged out, session created and so on.

This would allow for more specific information about how is logged into JIRA and when.

This has been mooted for a while and is now being done in response to the Atlassian security incident.