diff --git a/README.md b/README.md
index 3e7d20c9..d72c9859 100644
--- a/README.md
+++ b/README.md
@@ -115,6 +115,7 @@ docker run -d \
   -p 8080:8080 \
   -v /location/of/trainingData:/usr/share/tesseract-ocr/5/tessdata \
   -v /location/of/extraConfigs:/configs \
+  -v /location/of/logs:/logs \
   -e DOCKER_ENABLE_SECURITY=false \
   --name stirling-pdf \
   frooodle/s-pdf:latest
@@ -136,6 +137,7 @@ services:
       - /location/of/trainingData:/usr/share/tesseract-ocr/5/tessdata #Required for extra OCR languages
       - /location/of/extraConfigs:/configs
 #      - /location/of/customFiles:/customFiles/
+#      - /location/of/logs:/logs/
     environment:
       - DOCKER_ENABLE_SECURITY=false
 ```
diff --git a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
index 9f52a5e3..2b1eba33 100644
--- a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
@@ -6,7 +6,6 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -16,6 +15,8 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
     @Override
     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) 
       throws IOException, ServletException {
+    	String ip = request.getRemoteAddr();
+        logger.error("Failed login attempt from IP: " + ip);
         if (exception.getClass().isAssignableFrom(BadCredentialsException.class)) {
         	setDefaultFailureUrl("/login?error=badcredentials");
         } else if (exception.getClass().isAssignableFrom(LockedException.class)) {
diff --git a/src/main/resources/log4j.properties b/src/main/resources/log4j.properties
deleted file mode 100644
index d6a58a9f..00000000
--- a/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-log4j.rootLogger=ERROR,stdout
-log4j.logger.com.endeca=INFO
-# Logger for crawl metrics
-log4j.logger.com.endeca.itl.web.metrics=INFO
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=%p\t%d{ISO8601}\t%r\t%c\t[%t]\t%m%n
\ No newline at end of file
diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
new file mode 100644
index 00000000..9b01ab79
--- /dev/null
+++ b/src/main/resources/logback.xml
@@ -0,0 +1,51 @@
+<configuration>
+
+    <!-- Console Appender -->
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <!-- Rolling File Appender -->
+    <appender name="AUTHLOG" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/invalid-auths.log</file>
+        <encoder>
+		    <pattern>%d %p %c{1} [%thread] %m%n</pattern>
+		</encoder>
+
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- daily rollover and keep 7 days' worth of history -->
+            <fileNamePattern>auth-%d{MM-dd-yyyy}.log</fileNamePattern>
+            <maxHistory>1</maxHistory>
+        </rollingPolicy>
+    </appender>
+
+	<!-- Rolling File Appender -->
+    <appender name="GENERAL" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/info.log</file>
+        <encoder>
+		    <pattern>%d %p %c{1} [%thread] %m%n</pattern>
+		</encoder>
+
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- daily rollover and keep 7 days' worth of history -->
+            <fileNamePattern>info-%d{MM-dd-yyyy}.log</fileNamePattern>
+            <maxHistory>1</maxHistory>
+        </rollingPolicy>
+    </appender>
+
+
+    <!-- Root Logger -->
+    <root level="${LOG_TYPE}">
+        <appender-ref ref="CONSOLE"/>
+        <appender-ref ref="GENERAL"/>
+    </root>
+
+    <!-- Specific Logger -->
+    <logger name="stirling.software.SPDF.config.security.CustomAuthenticationFailureHandler" level="ERROR" additivity="false">
+        <appender-ref ref="CONSOLE"/>
+        <appender-ref ref="AUTHLOG"/>
+    </logger>
+
+</configuration>