Subject: Re: logging bad login attempts
To: Randy Terbush <randy@zyzzyva.com>
From: Chris G Demetriou <Chris_G_Demetriou@LAGAVULIN.PDL.CS.CMU.EDU>
List: current-users
Date: 03/07/1995 07:48:08

> It does not appear to be possible to log failed login attempts
> with the supplied login.  (i.e. the attempted login, etc.) Am
> I wrong?

failed logins are logged (without the attempted login name) at
LOG_NOTICE priority.

failed logins are logged _with_ the attempted login name at
LOG_NOTICE priority, and with the LOG_AUTHPRIV facility.

if you set up some lines in syslog.conf like:

# The authpriv log file should be restricted access;
# these messages shouldn't go to terminals or publically-readable files.
authpriv.*                                      /var/log/secure

then it'll do what you want.


cgd
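
An added example, not part of the original message: a small checker that reports which syslog.conf lines would receive the authpriv.notice messages described above, and which of those are terminals rather than files. The sample configuration is constructed, and the selector handling is a simplified model (comma-separated facilities, `*`, `none`, last match wins); the mode of the log file itself still has to be checked separately.

```python
# Added example: which syslog.conf lines receive login's authpriv.notice messages.
# Simplified model: "fac[,fac].level" selectors joined by ";", last match wins;
# "!", "=", program and host blocks are not handled.
SEVERITY = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
            "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
*.err;kern.debug;auth.notice            /dev/console
*.notice;authpriv.none                  /var/log/messages
authpriv.*                              /var/log/secure
*.emerg                                 *
*.notice                                root
"""

def threshold(selectors, facility):
    """Least severe level number this line accepts for facility, or None."""
    limit = None
    for sel in selectors.split(";"):
        facs, _, level = sel.strip().rpartition(".")
        if not {facility, "*"} & set(facs.split(",")):
            continue
        # A later selector overrides an earlier one; "none" switches it off.
        limit = None if level == "none" else 7 if level == "*" else SEVERITY[level]
    return limit

def classify(action):
    """Rough destination type from the action field."""
    if action == "*" or action.startswith("/dev/"):
        return "terminal"
    for prefix, kind in (("/", "file"), ("@", "remote"), ("|", "pipe")):
        if action.startswith(prefix):
            return kind
    return "terminal"  # anything else is a list of user names

def destinations(conf, facility="authpriv", level="notice"):
    """(action, kind) for every line that would receive facility.level."""
    hits = []
    for line in conf.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or line.lstrip()[0] in "#!+":
            continue
        limit = threshold(fields[0], facility)
        if limit is not None and SEVERITY[level] <= limit:
            hits.append((fields[1].strip(), classify(fields[1].strip())))
    return hits

def exposed(conf):
    """Actions that put authpriv.notice on a terminal instead of a file."""
    return [a for a, kind in destinations(conf) if kind == "terminal"]

if __name__ == "__main__":
    for action, kind in destinations(SAMPLE):
        print(f"authpriv.notice -> {action} ({kind})")
```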