View logon failures with computer identification

I am looking for something that will give me details for logon failures on my 2008 domain controllers.  I need to see what computers are being used for these failures.  When I look at the event viewer, it does not give me the details I need.  I would like the name of the computer, but the IP address would do.  Am I not setting up the event viewer correctly or is there a product (not too expensive) that I can get?  I am having a problem with account lock outs and I need to know who is doing this.
Who is Participating?
Download the Account Lockout Tools from Microsoft.

The EventCombMT in particular is usefull. You can set it to search for events within a certain time period, and it has built-in queries for lockout events. It also will allow you to export to .CSV for easy searching.
Account Lockouts can occur when some computers in the Active Directory Domain perform a DDos Attack due to lack of security patches.

We received a lot of account lockouts during the month of Feb & March, but most of them were resolved when we deployed the patches

KB 958644 -
KB 958687.-

I sincerely would suggest  you to patch all your workstations asap and also update whether you are currently hosting a WSUS Server in your Network
jtennysonAuthor Commented:
My workstations are patched.  Certain accounts are being locked out.  I need to be able to find out what computer is being used to try and log in under these accounts.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.