Log unsuccessful login attempts of non-users
Currently the events table logs the following login behavior:
3. Session Timeout
4. Password Invalid
5. User Lockout
These are only logged if the user has a valid account within the system.
Can we record within the event table when there is an invalid login of any kind, for example if I attempt to log in with the username firstname.lastname@example.org and this user does not exist then a record showing a EventCode of "InvalidUser" would be stored with the submitted username shown in the EventData Column.
This would allow for more accurate auditing of login activity.
As this could possibly cause the size of the Event Table to increase quickly could this be added as an option either within Configuration > Authentication area or as record within the configuration table.