diff --git a/options.go b/options.go
index 303dcc3..006969f 100644
--- a/options.go
+++ b/options.go
@@ -22,6 +22,13 @@ func PublicKeyAuth(fn PublicKeyHandler) Option {
 }
 }
 
+func AuthLog(fn AuthLogHandler) Option {
+ return func(srv *Server) error {
+ srv.AuthLogHandler = fn
+ return nil
+ }
+}
+
 // HostKeyFile returns a functional option that adds HostSigners to the server
 // from a PEM file at filepath.
 func HostKeyFile(filepath string) Option {
diff --git a/server.go b/server.go
index be4355e..20c3a3d 100644
--- a/server.go
+++ b/server.go
@@ -41,6 +41,7 @@ type Server struct {
 KeyboardInteractiveHandler KeyboardInteractiveHandler // keyboard-interactive authentication handler
 PasswordHandler PasswordHandler // password authentication handler
 PublicKeyHandler PublicKeyHandler // public key authentication handler
+ AuthLogHandler AuthLogHandler // authentication logger handler
 PtyCallback PtyCallback // callback for allowing PTY sessions, allows all if nil
 ConnCallback ConnCallback // optional callback for wrapping net.Conn before handling
 LocalPortForwardingCallback LocalPortForwardingCallback // callback for allowing local port forwarding, denies all if nil
@@ -151,6 +152,12 @@ func (srv *Server) config(ctx Context) *gossh.ServerConfig {
 return ctx.Permissions().Permissions, nil
 }
 }
+ if srv.AuthLogHandler != nil {
+ config.AuthLogCallback = func(conn gossh.ConnMetadata, method string, err error) {
+ applyConnMetadata(ctx, conn)
+ srv.AuthLogHandler(ctx, method, err)
+ }
+ }
 if srv.KeyboardInteractiveHandler != nil {
 config.KeyboardInteractiveCallback = func(conn gossh.ConnMetadata, challenger gossh.KeyboardInteractiveChallenge) (*gossh.Permissions, error) {
 applyConnMetadata(ctx, conn)
diff --git a/ssh.go b/ssh.go
index fbeb150..456f29a 100644
--- a/ssh.go
+++ b/ssh.go
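Review bot: `AuthLog` in options.go is exported without a doc comment, while the neighbouring option `HostKeyFile` directly below carries one. Add `// AuthLog returns a functional option that sets the AuthLogHandler on the server.` above the function so the option shows up properly in generated docs and matches the rest of the file.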
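Review bot: The new `config.AuthLogCallback` closure in server.go's `config()` forwards every attempt to the handler unfiltered, and nothing here tells an implementer what that means for failure counting or alerting. As far as I know golang.org/x/crypto/ssh invokes this callback for each authentication request, including the client's initial `none` probe, with `err` nil only when the attempt succeeded, so a handler used for lockout or brute-force detection would count that probe as a failure. I would add a comment above `if srv.AuthLogHandler != nil {`, for example `// Called once per authentication attempt, including the initial "none" request; err is nil only on success.` The handler also appears to run inline during the handshake, so a slow log sink could delay authentication; that is worth confirming at the call site, since `config()` starts and ends outside this hunk.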
@@ -41,6 +41,9 @@ type PublicKeyHandler func(ctx Context, key PublicKey) bool
 
 // PasswordHandler is a callback for performing password authentication.
 type PasswordHandler func(ctx Context, password string) bool
 
+// AuthLogHandler is a callback for authentication logger.
+type AuthLogHandler func(ctx Context, method string, err error)
+
 // KeyboardInteractiveHandler is a callback for performing keyboard-interactive authentication.
 type KeyboardInteractiveHandler func(ctx Context, challenger gossh.KeyboardInteractiveChallenge) bool
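Review bot: The doc comment on `AuthLogHandler` does not say what `method` and `err` carry, nor that the data reachable through `ctx` is client-supplied when the handler runs. Suggest `// AuthLogHandler is called after each authentication attempt with the method name and its result; err is nil when the attempt succeeded.` as the first line. A second line should note that the connection metadata in ctx (presumably the user name copied in by `applyConnMetadata`) is unauthenticated on failed attempts and should be quoted or escaped, e.g. with `%q`, before it is written to a log. Unlike the sibling handlers this type returns nothing, so the comment could also state that it cannot influence the authentication outcome.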