Some types of security events can cause audit or error records to be written in the event log.
By default, audit records are written only for authentication failure. It is possible to configure the system for more or less authentication audit using the audit.bus.authentication custom property on the bus. This can be set to all, failure, or none.