Thanks for getting in touch! You are correct, we don't currently write any events to the audit log about authentication attempts/success/failure. We do write a warning message to the Octopus Server logs, but those are intended to be more informational.
At this point, the Audit Log in Octopus is all about recording successful actions which mutate the state of your world due to actions by authorized users. This would be the first set of events we'd start writing for anonymous users, and my concern about that is the potential impact of any anonymous user causing harm.
At this point in time we feel like we are taking a good, if conservative, approach to the problem, and see where we decide to go from there.
I'd be interested to understand if there is anything specific you would need beyond what we are planning to provide. :)