> > It does not appear to be possible to log failed login attempts
> > with the supplied login.  (ie the attempted login, etc.)
> # The authpriv log file should be restricted access;
> # these messages shouldn't go to terminals or publically-readable files.
> authpriv.*                                      /var/log/secure
> then it'll do what you want.

Make absolutely sure, though, that it's really what you want:  logging
actual supplied logins is often a great way to offer cleartext passwords
to an adversary...