I've been troubleshooting some hellacious memory issues on a lot of servers in my domain as of late. I recently found this program called RAMMap from Sysinternals and it showed that my entire security log was being held in RAM. Once I cleared the log, my RAM usage miraculously dropped 4 GB and voila, no memory pressure.
Anyone know why this is happening or how to stop it?
The only thing I've done thus far is change the settings of the security log from 4GB to 1GB.
Are their issues with changing this setting to a lower number? If not, was thinking a group policy to change all servers, unless there is another way to stop this from happening.
Best Answer
A 4GB setting for the security log is crazy big. Even 1GB is very, very large. That's way larger than Microsoft's recommended event log sizes.
Personally, I'd set a more reasonable size (per Microsoft's recommendations) and implement automatic log rotation.
Using Group Policy to make this change is a great idea, by the way.