Automatic account disabling

I have Server set up to automatically disable user accounts on certain conditions (e.g. if the account hasn't been used in a long time, or if there are too many attempts to log in with the incorrect password). And indeed, sometimes accounts get disabled. However, sometimes it is not clear *why* the account was disabled. Is there some way to determine why and when an account was disabled, i.e. is it logged somewhere?

In particular, if an account is getting disabled because someone is trying to guess a user's password, I'd like to be able to track down where the break-in attempt is coming from.