So you have a Rule-Declare-Trigger on Log-SecurityAudit class, which options do you have on your trigger ? I guess you are not looking at any specific property do you ?
I'm not sure if you really need to use a Trigger at this point, the login isn't accepted, right, why don't you just an activity on the login process directly ? Anyway, when the login isn't accepted, can you see an instance been created on Log-SecurityAudit as expected ?
also just for record, which PRPC version are you using ?