The security event log is filling up with 538, 540, 576 events. It may do 5 or 6 a second, pauses for 20-30 seconds and does it again around the clock. Some of these are for the server itself, a domain member server running exchange or any of the switched on XP-Pro workstations. I have only just noticed this, but it seems to have been happening for the whole of April with 380,000 events logged. We have been experiencing many 18456 errors in the application event log due to a SQL server 2005 problem. This stopped this week, but I'm not sure exactly why! . There was a valid instance of SQL server installed in Dec 2009, a third party installed another database in the existing instance at the end of March. It was removed again but the problems all began then!