Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Are Windows 2008 R2 Event Logs memory-mapped?

Posted on 2011-03-07
5
1,665 Views
Last Modified: 2012-05-11
I just have a question.  Are Windows 2008 R2 Event Logs memory-mapped?  I know in Windows 2003, they are, and I sometimes had headaches regarding setting maximum log sizes (over default).  

It was my understanding that 2008 would remove the memory-mapping dependency for event logs.  Especially since they now have a recommended maximum log size of 4 GB.  

The following article hints that 2008 does not use memory mapped files, but maybe I'm misinterpreting it.  http://technet.microsoft.com/en-us/library/cc722385(WS.10).aspx

 As noted in article above
0
Comment
Question by:MMcDonald
  • 2
5 Comments
 
LVL 3

Expert Comment

by:wgray05
ID: 35057152
No, this was changed in 2008.
0
 

Author Comment

by:MMcDonald
ID: 35057328
That's what I thought, however we just had an issue with several of our Windows 2008 R2 domain controllers.

We noticed we had a lot of memory issues occurring.  We have found the security event log to be over 2 GB in size due to excessive auditing (an issue in and of itself).  The server had virtually 0 bytes of RAM free and was running horribly.  WMI queries against it would fail citing not enough memory available.  Etc, etc.

Upon clearing the event log, the server released almost 2 GBs worth of RAM and it is now performing as expected.

The above results indicate that event logs are still memory-mapped.  Unfortunately I cannot find any information pointing one way or the other outside of what I posted above, which isn't very clear.
0
 

Author Comment

by:MMcDonald
ID: 35332918
I have replicated my above findings again on another 2008 R2 DC with 2GB RAM.  The DC was at 91% memory utilization (interestingly enough task manager did not list a process showing this memory being consumed).  The security event log was at 1GB in size (we have it limited to 1GB via GPO).  As soon as I cleared the log, my memory utilization dropped by nearly half.

To me, it's pretty clear that event logs are still memory mapped.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 35718506
Question PAQ'd and stored in the solution database.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question