Security Event Log Size 2012 R2

Posted on 2016-11-02
Medium Priority
Last Modified: 2016-11-21
There is conflicting information regarding the size of the security event log. Some articles mention that the file is always loaded into memory in full, others say that the way the event log is loaded into memory has changed and that setting a larger size is no longer an issue.

Let's say, that for example I have a 4GB event log, will the full file be loaded into RAM? OS version is Windows Server 2012 R2.
Question by:albatros99
  • 2
  • 2
LVL 58

Assisted Solution

McKnife earned 2000 total points
ID: 41871159
I would simply make a test to find out. Use a script that uses eventcreate.exe in a loop to fill up the log and at the same time, open task manager and watch your RAM consumption.

Accepted Solution

albatros99 earned 0 total points
ID: 41872420
A 3.2 GB security log shows up in RamMap with 842'542 KB Total and 593'240 KB standby. Clearly it uses more memory but it doesn't load the whole file. I was just hoping this new behaviour would be documented somewhere.
LVL 58

Expert Comment

ID: 41872433
Hm - when does it show up, right after a restart or after it has been loaded to memory after using eventvwr?

Author Closing Comment

ID: 41895646
Solution discovered by testing.

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

It's not just another paperwork submission. Serious planning and rigour to managing the whole thought processes need to be put in place. The intent is not on drilling into the details, but to share tips in getting the first thing right to kick-start…
You do not need to be a security expert to make the RIGHT security. You just need some 3D guidance, to help lay out an action plan to secure your business operations. It does not happen overnight. You just need to start now and do the first thin…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question