Solved

Are Windows 2008 R2 Event Logs memory-mapped?

Posted on 2011-03-07
5
1,692 Views
Last Modified: 2012-05-11
I just have a question.  Are Windows 2008 R2 Event Logs memory-mapped?  I know in Windows 2003, they are, and I sometimes had headaches regarding setting maximum log sizes (over default).  

It was my understanding that 2008 would remove the memory-mapping dependency for event logs.  Especially since they now have a recommended maximum log size of 4 GB.  

The following article hints that 2008 does not use memory mapped files, but maybe I'm misinterpreting it.  http://technet.microsoft.com/en-us/library/cc722385(WS.10).aspx

 As noted in article above
0
Comment
Question by:MMcDonald
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 3

Expert Comment

by:wgray05
ID: 35057152
No, this was changed in 2008.
0
 

Author Comment

by:MMcDonald
ID: 35057328
That's what I thought, however we just had an issue with several of our Windows 2008 R2 domain controllers.

We noticed we had a lot of memory issues occurring.  We have found the security event log to be over 2 GB in size due to excessive auditing (an issue in and of itself).  The server had virtually 0 bytes of RAM free and was running horribly.  WMI queries against it would fail citing not enough memory available.  Etc, etc.

Upon clearing the event log, the server released almost 2 GBs worth of RAM and it is now performing as expected.

The above results indicate that event logs are still memory-mapped.  Unfortunately I cannot find any information pointing one way or the other outside of what I posted above, which isn't very clear.
0
 

Author Comment

by:MMcDonald
ID: 35332918
I have replicated my above findings again on another 2008 R2 DC with 2GB RAM.  The DC was at 91% memory utilization (interestingly enough task manager did not list a process showing this memory being consumed).  The security event log was at 1GB in size (we have it limited to 1GB via GPO).  As soon as I cleared the log, my memory utilization dropped by nearly half.

To me, it's pretty clear that event logs are still memory mapped.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 35718506
Question PAQ'd and stored in the solution database.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question