If you use FORM-based authentication, you can define an error page. It is the page to which Tomcat will forward a client after login failure. You can handle logging there.
You can activate logging by tweking log4j.properties in jboss config.
Category shall be exact like full class name of
JbossSecurityMgrRealm ( look for it in server.xml under interceptors )
Alternative would be to subclass login module of your choice and bomb from there.