  1. PicketBox
  2. SECURITY-703

Picketbox logs an ERROR on each failed login


    • Bug
    • Resolution: Done
    • Critical
    • PIcketBox_4_0_15.Final
    • None
    • None
    • None

      Picketbox logs an ERROR with a stacktrace on each failed login:

      See:

      catch (LoginException e)
      {
         // Don't log anonymous user failures unless trace level logging is on
         if (principal != null && principal.getName() != null)
            PicketBoxLogger.LOGGER.errorDuringLogin(e);
         authException = e;
      }

      09:57:30,100 ERROR [org.jboss.security] (http-/127.0.0.1:8080-6) PBOX000206: Login failure: javax.security.auth.login.LoginException: Login failed for
      at org.exoplatform.services.security.jaas.DefaultLoginModule.login(DefaultLoginModule.java:136) [exo.core.component.security.core-2.5.0-CR1.jar:2.5.0-CR1]
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_25]
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_25]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_25]
      at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_25]
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_25]
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_25]
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_25]
      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_25]
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_25]
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_25]
      at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.13.Final-redhat-1.jar:4.0.13.Final-redhat-1]

      in http://anonsvn.jboss.org/repos/picketbox/tags/4.0.14.Final/picketbox-infinispan/src/main/java/org/jboss/security/authentication/JBossCachedAuthenticationManager.java

      Failed logins are expected from users and shouldn't be logged. This will seriously pollute EPP 6 logs.

            sguilhen Stefan Guilhen
            theute Thomas Heute
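A log-triage sketch for the log format shown in this issue, added here as an example (it is not PicketBox code and not part of the original report): it groups each PBOX000206 entry with its stack frames, measures how many log lines those entries occupy, and emits one compact line per failed login so the authentication signal is kept without the trace. The sample log is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the server.log layout shown in the issue (not real data);
# stack frames are abbreviated from the trace in the report.
SAMPLE_LOG = """\
09:57:29,870 INFO  [org.example.app] (main) constructed startup line
09:57:30,100 ERROR [org.jboss.security] (http-/127.0.0.1:8080-6) PBOX000206: Login failure: javax.security.auth.login.LoginException: Login failed for
      at org.exoplatform.services.security.jaas.DefaultLoginModule.login(DefaultLoginModule.java:136)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
09:57:31,412 ERROR [org.jboss.security] (http-/127.0.0.1:8080-3) PBOX000206: Login failure: javax.security.auth.login.LoginException: Login failed for
      at org.exoplatform.services.security.jaas.DefaultLoginModule.login(DefaultLoginModule.java:136)
09:57:32,001 WARN  [org.example.app] (http-/127.0.0.1:8080-3) constructed unrelated warning
"""

# timestamp, level, [category], (thread), message
HEADER = re.compile(
    r"^(\d{2}:\d{2}:\d{2},\d{3})\s+(\w+)\s+\[([^\]]+)\]\s+\(([^)]*)\)\s+(.*)$")

def parse_events(text):
    """Group each header line with the continuation lines (stack frames) under it."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, category, thread, msg = m.groups()
            events.append({"ts": ts, "level": level, "category": category,
                           "thread": thread, "msg": msg, "lines": 1})
        elif events and line.strip():
            events[-1]["lines"] += 1  # stack frame or wrapped message text
    return events

def summarize_login_failures(text, code="PBOX000206"):
    """Count failed-login events, the log lines they occupy, and compact them."""
    events = parse_events(text)
    failures = [e for e in events if e["msg"].startswith(code + ":")]
    return {
        "failures": len(failures),
        "noise_lines": sum(e["lines"] for e in failures),
        "total_lines": sum(e["lines"] for e in events),
        "per_thread": Counter(e["thread"] for e in failures),
        "compact": [f"{e['ts']} {code} login failure thread={e['thread']}"
                    for e in failures],
    }

if __name__ == "__main__":
    report = summarize_login_failures(SAMPLE_LOG)
    print(f"{report['noise_lines']}/{report['total_lines']} lines are login-failure traces")
    print("\n".join(report["compact"]))
```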