When a user logs in with a username but with the incorrect password, the user audit logs (FrontEndlog.txt and Forwarded Events , i.e. Syslog) do not show the user name. Even if the user is a valid user. (this happens with both local and LDAP/AD user logins) The attempted username name be reported in any case? For audit and security reasons (so we can see what accountname is being attempted). this should be logged.
We need to know if failing log in is either a valid user , multiple unique users?
Also if someone is trying to perform a denial attack are trying a specific account.
Also doing troubleshooting, we cannot tell if a valid user is even entering credentials.