Yes, domain audit policy is logging failed logon attempts. But I am not seeing any failed logon attempts in the security log.