web service WS-Security Policy authentication failure

I have a web service provider in webMethods 9.7 that uses the Username_Signature_Encryption WS-Security Policy. I am able to authorize access based on message-level username/password when calling the service.

How can I log authentication and authorization failures to the web service? I have the IS Security Log enabled in IS Administrator with Generate Auditing Data on set to “Success or Failure” and everything checked under “Security Areas to Audit”. I don’t get any log entries for calls to the web service.

I do get log entries for other events like logging in to IS Administrator.

It might be that everything works well. Just the audit data is written not to the server log but to a DB table. Consult the docs to find out where the audit data get written to.

I can’t find any mention of security logging in the Web Services Developer Guide.

In IS Administrator, my security logger is configured to use the database. I have found the WSSECURITY table that has entries that exactly match what I see in Logs->Security.

If there is some special place logging message-level WS-Security failures, I can’t find it.