Graylog root_username and LDAP lookup

@tmacgbay

Here’s an example:
03/18/2020 05:34:51 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=4625
EventType=0
Type=Information
ComputerName=
TaskCategory=Logon
OpCode=Info
RecordNumber=6617470752
Keywords=Audit Failure
Message=An account failed to log on.

Subject:
Security ID: NT AUTHORITY\SYSTEM
Account Name: STODC01$
Account Domain:
Logon ID: 0x3E7

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: admin
Account Domain:

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A

Process Information:
Caller Process ID: 0x264
Caller Process Name: C:\Windows\System32\lsass.exe

Network Information:
Workstation Name: STODC01
Source Network Address: 172.26.100.28
Source Port: 42244

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
