diff --git a/etcdserver/security/security.go b/etcdserver/security/security.go
index c6d487dde..15d834a20 100644
--- a/etcdserver/security/security.go
+++ b/etcdserver/security/security.go
@@ -17,7 +17,6 @@ package security
 import (
 	"encoding/json"
 	"fmt"
-	"log"
 	"path"
 	"reflect"
 	"sort"
@@ -30,6 +29,7 @@ import (
 	"github.com/coreos/etcd/etcdserver"
 	"github.com/coreos/etcd/etcdserver/etcdserverpb"
 	"github.com/coreos/etcd/pkg/types"
+	"github.com/coreos/pkg/capnslog"
 )
 
 const (
@@ -43,6 +43,10 @@ const (
 	GuestRoleName = "guest"
 )
 
+var (
+	plog = capnslog.NewPackageLogger("github.com/coreos/etcd/etcdserver", "security")
+)
+
 var rootRole = Role{
 	Role: RootRoleName,
 	Permissions: Permissions{
@@ -186,7 +190,7 @@ func (s *Store) CreateOrUpdateUser(user User) (out User, created bool, err error
 func (s *Store) CreateUser(user User) (User, error) {
 	u, err := s.createUserInternal(user)
 	if err == nil {
-		log.Printf("security: created user %s", user.User)
+		plog.Noticef("created user %s", user.User)
 	}
 	return u, err
 }
@@ -225,7 +229,7 @@ func (s *Store) DeleteUser(name string) error {
 		}
 		return err
 	}
-	log.Printf("security: deleted user %s", name)
+	plog.Noticef("deleted user %s", name)
 	return nil
 }
 
@@ -251,7 +255,7 @@ func (s *Store) UpdateUser(user User) (User, error) {
 	}
 	_, err = s.updateResource("/users/"+user.User, newUser)
 	if err == nil {
-		log.Printf("security: updated user %s", user.User)
+		plog.Noticef("updated user %s", user.User)
 	}
 	return newUser, err
 }
@@ -320,7 +324,7 @@ func (s *Store) CreateRole(role Role) error {
 		}
 	}
 	if err == nil {
-		log.Printf("security: created new role %s", role.Role)
+		plog.Noticef("created new role %s", role.Role)
 	}
 	return err
 }
@@ -338,7 +342,7 @@ func (s *Store) DeleteRole(name string) error {
 		}
 	}
 	if err == nil {
-		log.Printf("security: deleted role %s", name)
+		plog.Noticef("deleted role %s", name)
 	}
 	return err
 }
@@ -365,7 +369,7 @@ func (s *Store) UpdateRole(role Role) (Role, error) {
 	}
 	_, err = s.updateResource("/roles/"+role.Role, newRole)
 	if err == nil {
-		log.Printf("security: updated role %s", role.Role)
+		plog.Noticef("updated role %s", role.Role)
 	}
 	return newRole, err
 }
@@ -384,18 +388,18 @@ func (s *Store) EnableSecurity() error {
 	}
 	_, err = s.GetRole(GuestRoleName)
 	if err != nil {
-		log.Printf("security: no guest role access found, creating default")
+		plog.Printf("no guest role access found, creating default")
 		err := s.CreateRole(guestRole)
 		if err != nil {
-			log.Printf("security: error creating guest role. aborting security enable.")
+			plog.Errorf("error creating guest role. aborting security enable.")
 			return err
 		}
 	}
 	err = s.enableSecurity()
 	if err == nil {
-		log.Printf("security: enabled security")
+		plog.Noticef("security: enabled security")
 	} else {
-		log.Printf("error enabling security: %v", err)
+		plog.Errorf("error enabling security (%v)", err)
 	}
 	return err
 }
@@ -406,9 +410,9 @@ func (s *Store) DisableSecurity() error {
 	}
 	err := s.disableSecurity()
 	if err == nil {
-		log.Printf("security: disabled security")
+		plog.Noticef("security: disabled security")
 	} else {
-		log.Printf("error disabling security: %v", err)
+		plog.Errorf("error disabling security (%v)", err)
 	}
 	return err
 }
@@ -435,14 +439,14 @@ func (u User) Merge(n User) (User, error) {
 	currentRoles := types.NewUnsafeSet(u.Roles...)
 	for _, g := range n.Grant {
 		if currentRoles.Contains(g) {
-			log.Printf("Granting duplicate role %s for user %s", g, n.User)
+			plog.Noticef("granting duplicate role %s for user %s", g, n.User)
 			continue
 		}
 		currentRoles.Add(g)
 	}
 	for _, r := range n.Revoke {
 		if !currentRoles.Contains(r) {
-			log.Printf("Revoking ungranted role %s for user %s", r, n.User)
+			plog.Noticef("revoking ungranted role %s for user %s", r, n.User)
 			continue
 		}
 		currentRoles.Remove(r)
@@ -544,7 +548,7 @@ func (rw rwPermission) Revoke(n rwPermission) (rwPermission, error) {
 	currentRead := types.NewUnsafeSet(rw.Read...)
 	for _, r := range n.Read {
 		if !currentRead.Contains(r) {
-			log.Printf("Revoking ungranted read permission %s", r)
+			plog.Noticef("revoking ungranted read permission %s", r)
 			continue
 		}
 		currentRead.Remove(r)
@@ -552,7 +556,7 @@ func (rw rwPermission) Revoke(n rwPermission) (rwPermission, error) {
 	currentWrite := types.NewUnsafeSet(rw.Write...)
 	for _, w := range n.Write {
 		if !currentWrite.Contains(w) {
-			log.Printf("Revoking ungranted write permission %s", w)
+			plog.Noticef("revoking ungranted write permission %s", w)
 			continue
 		}
 		currentWrite.Remove(w)
diff --git a/etcdserver/security/security_requests.go b/etcdserver/security/security_requests.go
index 42e59f735..6ad627ec0 100644
--- a/etcdserver/security/security_requests.go
+++ b/etcdserver/security/security_requests.go
@@ -16,7 +16,6 @@ package security
 
 import (
 	"encoding/json"
-	"log"
 	"path"
 
 	"github.com/coreos/etcd/Godeps/_workspace/src/golang.org/x/net/context"
@@ -46,7 +45,7 @@ func (s *Store) ensureSecurityDirectories() error {
 					continue
 				}
 			}
-			log.Println("security: Trying to create security directories in the store; failed:", err)
+			plog.Errorf("failed to create security directories in the store (%v)", err)
 			return err
 		}
 	}
@@ -93,14 +92,14 @@ func (s *Store) detectSecurity() bool {
 				return false
 			}
 		}
-		log.Println("security: Trying to detect security settings failed:", err)
+		plog.Errorf("failed to detect security settings (%s)", err)
 		return false
 	}
 
 	var u bool
 	err = json.Unmarshal([]byte(*value.Event.Node.Value), &u)
 	if err != nil {
-		log.Println("security: internal bookkeeping value for enabled isn't valid JSON")
+		plog.Errorf("internal bookkeeping value for enabled isn't valid JSON (%v)", err)
 		return false
 	}
 	return u