﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
26629	Login failures should be logged	Jacob Kaplan-Moss	nobody	"Login failures [*] should emit logging messages. There are a couple of good reasons for this:

- Many compliance regimes (all those deriving from NIST-800-53, so FISMA, PCI, HIPAA, etc) require logging of failed login attempts.
- It'll make integration with a SIEM easier out of the box.

[*] we may want to log successes, too, or have a configuration option or somesuch. I tend to think successes are noise, but reasonable people disagree on that point.

[One of a series of bugs from a discussion I had with @mallyvai about improving the security of Django's admin - see https://gist.github.com/mallyvai/bcb0bb827d6d53212879dff23cf15d03 for the full list.]

"	New feature	closed	contrib.auth	1.9	Normal	duplicate	login security logigng		Unreviewed	0	0	0	0	0	0
