We have configured basic authentication for the JBoss console and have redirected the logon attempts to a new log file instead of the server.log file by including this code in log4j.xml:
<!-- Ensure the failed security attempts are logged --> <category name="org.jboss.security.auth.spi.UsersRolesLoginModule"> <priority value="DEBUG"/> <appender-ref ref="SECURITY_LOG"/> </category>