Do you happen to know if the logs allow me to find out the IP address where the login attempt originated? It looks like that information isn’t present in the nxserver.log example you have kindly provided.
The idea is to identify the IP addresses of systems that are failing to log in and ban them in the firewall for a period of time. Hopefully this will help discourage scripts from trying to brute-force the server, i.e. fail a few times within an hour and the IP is banned until tomorrow.
Can anyone shed some light on what the NoMachine log file would have in it when a failed authentication occurs? This seems to be the key bit of information to block IP addresses that are attempting to connect too often.