hook_user_login() is only invoked when a user successfully logs in.

The hook you should implement is hook_watchdog().

function hook_watchdog(array $log_entry) {
  switch ($log_entry['message']) {
    case 'Login attempt failed for %user.':
      // Somebody tried logging in as $log_entry['variables']['%user'],
      // and failed.
      break;

    case 'Session opened for %name.':
      // The login for $log_entry['variables']['%name'] was successful.
      break;
  }
}

Notice that:

• Both $log_entry['variables']['%user'] (for when the login failed) and $log_entry['variables']['%name'] (for when the login was successful) are usernames, not the user object.

• When the login was successful, $log_entry['user'] is the user object for the user who right logged in, an `$log_entry[‘uid’] is the user ID.

• The other variables that could be helpful are:

  • $log_entry['request_uri']
  • $log_entry['referer']
  • $log_entry['ip']
  • $log_entry['timestamp']

• Drupal already keeps a log of those events in admin/reports/dblog; you simply need to filter them by type (user).

  

  There could be a reason to implement hook_watchdog() to keep a log for any failed/successful login, though: The database log is limited to N entries (where N could be 100, 1000, 10000, 100000, 1000000, basing on what set on admin/config/development/logging), and it is for all the messages passed to watchdog(); once the limit is reached, the old messages are lost.