Thanks for the reply nars. I appreciate the help.
Do you happen to know if the logs allow me to find out the IP address where the login attempt originated? It looks like that information isn’t present in the nxserver.log example you have kindly provided.
The idea is to identify the IP addresses of systems that are failing to login and ban them in the firewall for a period of time. Hopefully this will help discourage scripts from trying to brute force the server i.e. fail a few times within an hour and the IP is banned until tomorrow.