It is important to monitor failed login attempts to determine if you are being attacked from an external source or are having failed attempts from users within your organization. This can be achieved with Passive Whats Up Gold Monitor.
It is important to also ensure that you have "Audit logon events" Group Policy applied to servers for source information on the login.
See: Do you use Group Policy to enable auditing of logon attempts?
