Make username of person/account logging in (unsuccessful attempt) (currently in core.log) in audit.log (TSA Security Act UK)

[floreseo2]

Hi there and hoping you're well -
For the Telecommunications Security Act (a new set of UK lawful regulations)- we need to please to have the following event within
the audit log of Harbor:
Make username of person/account logging in (unsuccessful attempt of login), time/date stamp (currently in core.log, but it's our understanding that core.log content doesn't work with the syslog forwarding function in Harbor, instead the event needs to be in audit.log - so thereby the issue is make unsuccessful login events with username of user, time/date stamp, available to audit.log. (Medium Priority - as the local log does have it - but can't be forwarded to SIEM/SOC).
https://assets.publishing.service.gov.uk/media/6384d09ed3bf7f7eba1f286c/E02781980_Telecommunications_Security_CoP_Accessible.pdf
(Section 5.7, page 43).
Thank you