We use GFI Server monitoring, and we are experiencing 5 security events that repeatedly alert us from the Security Event Log. The total amount of alerts can reach into their thousands within the week. The alert descriptions indicate that the security event is triggered from internal users, computers and IP addresses.
There are 2 sites linked via a VPN. The primary site uses 10.0.0.0, whilst the remote site uses 192.168.1.0.
The alerts in question relate to the following Event ID's:
For further clarity, please see attached document providing event logs as extracted from the SBS Server, with accompanying notes at the bottom of each event.
I would like to identify the cause and resolution of each event.
Thank you in advance.