Here is an excerpt from a Symantec Reporter journal when the user either entered in a bad userid, or a bad password.
BCRJ:2010-03-18 20:44:20 (4ba2f314) NOR.WARN.AUTHE
src/sg_authenticate.cpp,172,ValidateLocalUser
worker_thread_00001160(4448),,
Invalid local password checksum for user user_e221e6602af911df9098f0004d76775d
BCRJ:2010-03-18 20:44:20 (4ba2f314) NOR.INFO.WEBSE
src/sg_webserver.cpp,6578,PostAuth
worker_thread_00001160(4448),,
PostAuth => Attempted non-existent user
Here's we see both the Authentication (AUTHE) , and the Webserver (WEBSE) code responding.
For more information on how to read journal files, and other generic messages found in them, please see KB3460
.