Implement into Elytron samething like:
https://github.com/picketbox/picketbox/tree/master/security-spi/spi/src/main/java/org/jboss/security/audit
or
https://github.com/wildfly/wildfly-core/tree/master/controller/src/main/java/org/jboss/as/controller/audit
or
https://github.com/kabir/tamper-detecting-audit-log

UPDATE:
By discussion should be based on currently not implemented processing of *security events* - depends on it from now.