We have some inetersting activity in our security log during nighttime hours.\nHow do I tell if it is just network overhead protocols, or illegimate\nattempts to access the network? Some of the event IDs are:\n538,540,565,576,672,673,674, and 680. I would assume that some of these are\nrelated to users/computers locking their workstation at night and the systems\nare still responding to the server. Is this correct or do I have a serious\nproblem here. I've directed the question to my IS manager, and she does not\nhave any idea in regards to this.