I am wondering if it makes sense to put failed attempts to login into the syslog including the information like user and password ?
Right now it only logs information that there is a failed attempt when there is invalid user. The motivation for writing these information into syslog is to figure out if there is an auditable trail of the brute force attempts ( example dictionary attack ) or just the user forgot the password. I supposed the downside this scheme is that whoever got hold of read access to the log will know what is considered invalid attempts ? Any comments ?
