Account lockouts

Hi I am receiving many account lockout attempts coming from one particular server. This server is the Antivirus control server so it’s not unusual that it attempts to log into user machines. I believe it was configured to use the administrator account and not a service account. I ran a trace on the server for several hours. I don’t know where to begin on this so is there a way to search the trace file for the word “administrator” and see what I get. I have the latest version of Wireshark.

Thank,

TKE402