Error 18456 State 5 Invalid User ID appeared during some troubleshooting . The details were gathered using the RING_BUFFER_CONNECTIVITY.
I cross checked against the SQL Server Error Logs and there was a related entry :
Login failed for user 'xxxxx'. Reason: Could not find a login matching the name provided. [CLIENT: xx.xxx.xx.x] Reason: Could not find a login matching the name provided
The information was gathered during some troubleshooting for another problem, but it caused me to reflect on how to manage failed login attempts.
As a minimum for failed login attempts you should:
1) Turn on the Failed logins Only option on Login Auditing
2) Generate a daily report using Powershell and SQL Server Error Logs
3) Consider include failed logins to a SQL Server Security Violations Report
Read More on failed logins and other login issues