?
Solved

Are Windows 2008 R2 Event Logs memory-mapped?

Posted on 2011-03-07
5
Medium Priority
?
1,721 Views
Last Modified: 2012-05-11
I just have a question.  Are Windows 2008 R2 Event Logs memory-mapped?  I know in Windows 2003, they are, and I sometimes had headaches regarding setting maximum log sizes (over default).  

It was my understanding that 2008 would remove the memory-mapping dependency for event logs.  Especially since they now have a recommended maximum log size of 4 GB.  

The following article hints that 2008 does not use memory mapped files, but maybe I'm misinterpreting it.  http://technet.microsoft.com/en-us/library/cc722385(WS.10).aspx

 As noted in article above
0
Comment
Question by:MMcDonald
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 3

Expert Comment

by:wgray05
ID: 35057152
No, this was changed in 2008.
0
 

Author Comment

by:MMcDonald
ID: 35057328
That's what I thought, however we just had an issue with several of our Windows 2008 R2 domain controllers.

We noticed we had a lot of memory issues occurring.  We have found the security event log to be over 2 GB in size due to excessive auditing (an issue in and of itself).  The server had virtually 0 bytes of RAM free and was running horribly.  WMI queries against it would fail citing not enough memory available.  Etc, etc.

Upon clearing the event log, the server released almost 2 GBs worth of RAM and it is now performing as expected.

The above results indicate that event logs are still memory-mapped.  Unfortunately I cannot find any information pointing one way or the other outside of what I posted above, which isn't very clear.
0
 

Author Comment

by:MMcDonald
ID: 35332918
I have replicated my above findings again on another 2008 R2 DC with 2GB RAM.  The DC was at 91% memory utilization (interestingly enough task manager did not list a process showing this memory being consumed).  The security event log was at 1GB in size (we have it limited to 1GB via GPO).  As soon as I cleared the log, my memory utilization dropped by nearly half.

To me, it's pretty clear that event logs are still memory mapped.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 35718506
Question PAQ'd and stored in the solution database.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question