Auditing RDP Logon Failures

Auditing RDP Logon Failures

Hi,

I try to get logon failures reported in case of RDP bruteforcing

- a non domain joined computer is trying to get an rdp connection
- with an AD Account
- to a domain joined computer

On the local computer e got event log IDs with the event 4625
But I cant see anything on my domain controlliers.

Any Ideas