We are having the similar issues.
We will either configure an event forwarding policy to a central log repository, or create task using task scheduler to trigger some action in case any error message logged on Event log under Applications and Services Logs -> Microsoft -> Fslogix -> Apps -> Operational.
We are going to enable prevent logon failure registry settings as well.