The AUDIT logger should use category org.jboss.security.audit. Then it works fine. (AS 7.2.0.Alpha1).