With today's model, you can use the existing LogService with LogEntry resources to capture these sorts of events. In terms of what sort of events you capture from a security perspective, this is ultimately up to your product requirements.
However, we do not have a standard message registry to enumerate these types of events. We do have NoValidSession in the Base Message Registry as a generic response to an unauthorized client; it's kept generic like this to ensure there isn't any leaking of information about what specifically might be wrong, which could help narrow down a point of attack. That said, from a purely logging perspective, implementers at this time would need to create their own message registry to capture this sort of information. But there might be use in standardizing on security types of events, and we might need to construct a Security Message Registry to help address this.