We are receiving regular server health warnings as follows:
Failed Logins Per Hour on server NWSERVER is in a SUSPECT State

Presumably this means that incorrect credentials are being used to attempt a login
These incidents always seem to occur around 10:30 pm when the office should be empty

I am therefore trying to establish which terminal is being used for these attempts
Assuming that the username will automatically fill the box and the intruder is just trying to guess the password, if there is a log file that contains failed logins by username, then I will have the answer

Does anyone know if failed logins are logged anywhere on the system ?