What are available logs that provide security-related information, for OPSMVS RESTful Web Services? 

Release : 14.0

The following logs might be useful: webSvcListener.log, OPSWEB PROC output and localhost_access_log, this one is Tomcat and by default resides under tomcat_deploy_dir/tomcat/logs.

The webSvcListener.log file will include a message like the below one if the trace level on OPSWEB proc is set to DEBUG. 

LoginContext.login OK for "Subject:
 Principal: UsernamePrincipal: AUTMSTC
that identify the userid that made the REST request

The Tomcat log(localhost_access_log) could be useful since web services 'logon' happens under the Tomcat server when REST requests are received.