Tracking Down Failed Login Attempts

Simply History has been reporting thousands of failed login attempts using a variety of both legitimate usernames and random ones. However, none of our internal tools, such as server access logs, are showing these failed login attempts.

Could you please assist or provide guidance on the following:

1. How does the Simply History plugin track failed login attempts? Is there a way to validate or cross-check this data with server logs?
2. Is it possible that these failed login attempts are being logged by the plugin but not reflected in other logs? If so, why might this be happening?
3. Can you suggest any additional steps or tools we can use to investigate and track down the source of these login attempts more thoroughly?

Any assistance you can provide in helping us track down and understand these login attempts would be greatly appreciated.

Thank you for your time and support.