Regular Expressions 101

Community Patterns

Windows Security Log Event ID 4625


Regular Expression
PCRE (PHP <7.3)

/(?P<event_message>An account failed to log on.)\s+Subject:\s+Security ID:\s+(?P<subject_security_id>.*?)\s+Account Name:\s+(?P<subject_account_name>.*?)\s+Account Domain:\s+(?P<subject_account_domain>.*?)\s+Logon ID:\s+(?P<subject_logon_id>.*?)\s+Logon Type:\s+(?P<logon_type>.*?)\s+Account For Which Logon Failed:\s+Security ID:\s+(?P<logon_security_id>.*?)\s+Account Name:\s+Administrator\s+Account Domain:\s+(?P<logon_account_domain>.*?)\s+Failure Information:\s+Failure Reason:\s+(?P<failure_reason>.*?)\s+Status:\s+(?P<status>.*?)\s+Sub Status:\s+(?P<sub_status>.*?)\s+Process Information:\s+Caller Process ID:\s+(?P<caller_process_id>.*?)\s+Caller Process Name:\s+(?P<caller_process_name>.*?)\s+Network Information:\s+Workstation Name:\s+(?P<workstation_name>.*?)\s+Source Network Address:\s+(?P<src_addr>.*?)\s+Source Port:\s+(?P<src_port>.*?)\s+Detailed Authentication Information:\s+Logon Process:\s+(?P<logon_process>.*?)\s+Authentication Package:\s+(?P<auth_package>.*?)\s+Transited Services:\s+(?P<trans_serv>.*?)\s+Package Name \(NTLM only\):\s+(?P<package_name>.*?)\s+Key Length:\s+(?P<key_length>.*?)\s+\s+(?P<event_details>.*)/g

Description

An account failed to log on

Submitted by anonymous - 7 years ago
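An added example, not part of the regex101 page or the submitter's work, showing the pattern applied in Python to constructed 4625 messages and tallying failed Administrator logons per source address and sub status. The pattern is used with the stray space in the subject_account_domain group removed and \s+ after every label; the helper names make_event, parse_4625 and failed_admin_logons_by_source and the sample addresses and status codes are my own.

```python
import re
from collections import Counter

# The page's pattern, with the stray space fixed and \s+ after every label (real events use tabs there).
EVENT_4625_RE = re.compile(
    r"(?P<event_message>An account failed to log on.)\s+Subject:\s+Security ID:\s+(?P<subject_security_id>.*?)\s+"
    r"Account Name:\s+(?P<subject_account_name>.*?)\s+Account Domain:\s+(?P<subject_account_domain>.*?)\s+"
    r"Logon ID:\s+(?P<subject_logon_id>.*?)\s+Logon Type:\s+(?P<logon_type>.*?)\s+"
    r"Account For Which Logon Failed:\s+Security ID:\s+(?P<logon_security_id>.*?)\s+"
    r"Account Name:\s+Administrator\s+Account Domain:\s+(?P<logon_account_domain>.*?)\s+"
    r"Failure Information:\s+Failure Reason:\s+(?P<failure_reason>.*?)\s+Status:\s+(?P<status>.*?)\s+"
    r"Sub Status:\s+(?P<sub_status>.*?)\s+Process Information:\s+Caller Process ID:\s+(?P<caller_process_id>.*?)\s+"
    r"Caller Process Name:\s+(?P<caller_process_name>.*?)\s+Network Information:\s+"
    r"Workstation Name:\s+(?P<workstation_name>.*?)\s+Source Network Address:\s+(?P<src_addr>.*?)\s+"
    r"Source Port:\s+(?P<src_port>.*?)\s+Detailed Authentication Information:\s+"
    r"Logon Process:\s+(?P<logon_process>.*?)\s+Authentication Package:\s+(?P<auth_package>.*?)\s+"
    r"Transited Services:\s+(?P<trans_serv>.*?)\s+Package Name \(NTLM only\):\s+(?P<package_name>.*?)\s+"
    r"Key Length:\s+(?P<key_length>.*?)\s+\s+(?P<event_details>.*)"
)

def make_event(src_addr, src_port, sub_status):
    """Build a constructed 4625 message (sample data, not a real log) in the layout the pattern expects."""
    return (
        "An account failed to log on.\n\nSubject:\n Security ID: NULL SID\n Account Name: -\n"
        " Account Domain: -\n Logon ID: 0x0\n\nLogon Type: 3\n\nAccount For Which Logon Failed:\n"
        " Security ID: NULL SID\n Account Name: Administrator\n Account Domain: WORKGROUP\n\n"
        "Failure Information:\n Failure Reason: Unknown user name or bad password.\n"
        f" Status: 0xC000006D\n Sub Status: {sub_status}\n\nProcess Information:\n"
        " Caller Process ID: 0x0\n Caller Process Name: -\n\nNetwork Information:\n"
        f" Workstation Name: CLIENT-PC\n Source Network Address: {src_addr}\n Source Port: {src_port}\n\n"
        "Detailed Authentication Information:\n Logon Process: NtLmSsp \n Authentication Package: NTLM\n"
        " Transited Services: -\n Package Name (NTLM only): -\n Key Length: 0\n\n"
        "This event is generated when a logon request fails."
    )

def parse_4625(text):
    """Return the named groups as a dict, or None when the text is not a matching 4625 message."""
    m = EVENT_4625_RE.search(text)
    return m.groupdict() if m else None

def failed_admin_logons_by_source(messages):
    """Count matching failures per (source address, sub status) as a quick triage view for the defender."""
    counts = Counter()
    for text in messages:
        fields = parse_4625(text)
        if fields:
            counts[(fields["src_addr"], fields["sub_status"])] += 1
    return counts

# Constructed sample: two bad-password attempts from one address, one unknown-user attempt from another.
SAMPLE_EVENTS = [make_event("192.0.2.10", "49152", "0xC000006A"), make_event("192.0.2.10", "49153", "0xC000006A"), make_event("198.51.100.7", "51000", "0xC0000064")]
```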