When a user exceeds the maximum number of attempts allowed (the default is three attempts) during a specific period of time (the default is 5 minutes) the account used during those attempts is locked out for a preconfigured lock-out period (the default is 10 minutes).
A security event log is generated as soon as a user account has exceeded the number of allowed attempts and the show>system>security>user command can be used to display the total number of failed attempts per user.
The account is automatically re-enabled as soon as the lock-out period has expired.