Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Are Windows 2008 R2 Event Logs memory-mapped?

Posted on 2011-03-07
5
Medium Priority
?
1,739 Views
Last Modified: 2012-05-11
I just have a question.  Are Windows 2008 R2 Event Logs memory-mapped?  I know in Windows 2003, they are, and I sometimes had headaches regarding setting maximum log sizes (over default).  

It was my understanding that 2008 would remove the memory-mapping dependency for event logs.  Especially since they now have a recommended maximum log size of 4 GB.  

The following article hints that 2008 does not use memory mapped files, but maybe I'm misinterpreting it.  http://technet.microsoft.com/en-us/library/cc722385(WS.10).aspx

 As noted in article above
0
Comment
Question by:MMcDonald
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 3

Expert Comment

by:wgray05
ID: 35057152
No, this was changed in 2008.
0
 

Author Comment

by:MMcDonald
ID: 35057328
That's what I thought, however we just had an issue with several of our Windows 2008 R2 domain controllers.

We noticed we had a lot of memory issues occurring.  We have found the security event log to be over 2 GB in size due to excessive auditing (an issue in and of itself).  The server had virtually 0 bytes of RAM free and was running horribly.  WMI queries against it would fail citing not enough memory available.  Etc, etc.

Upon clearing the event log, the server released almost 2 GBs worth of RAM and it is now performing as expected.

The above results indicate that event logs are still memory-mapped.  Unfortunately I cannot find any information pointing one way or the other outside of what I posted above, which isn't very clear.
0
 

Author Comment

by:MMcDonald
ID: 35332918
I have replicated my above findings again on another 2008 R2 DC with 2GB RAM.  The DC was at 91% memory utilization (interestingly enough task manager did not list a process showing this memory being consumed).  The security event log was at 1GB in size (we have it limited to 1GB via GPO).  As soon as I cleared the log, my memory utilization dropped by nearly half.

To me, it's pretty clear that event logs are still memory mapped.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 35718506
Question PAQ'd and stored in the solution database.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question