Security Event Log Size 2012 R2

There is conflicting information regarding the size of the security event log. Some articles mention that the file is always loaded into memory in full, others say that the way the event log is loaded into memory has changed and that setting a larger size is no longer an issue.

Let's say, that for example I have a 4GB event log, will the full file be loaded into RAM? OS version is Windows Server 2012 R2.
LVL 3
albatros99Asked:
Who is Participating?
 
albatros99Connect With a Mentor Author Commented:
A 3.2 GB security log shows up in RamMap with 842'542 KB Total and 593'240 KB standby. Clearly it uses more memory but it doesn't load the whole file. I was just hoping this new behaviour would be documented somewhere.
0
 
McKnifeConnect With a Mentor Commented:
I would simply make a test to find out. Use a script that uses eventcreate.exe in a loop to fill up the log and at the same time, open task manager and watch your RAM consumption.
0
 
McKnifeCommented:
Hm - when does it show up, right after a restart or after it has been loaded to memory after using eventvwr?
0
 
albatros99Author Commented:
Solution discovered by testing.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.