Forum Discussion
High CPU/Memory utilization using WMI to read Security Event log
Hi Tech Community, We have 2 systems that read the Security Event log of our three 2012 R2 DC's, a SIEM (Sentinel) and Netwrix account lockout examiner (these have been operational for many years ...
Funny that the only posts n the internet regarding this New behavior where there is some kind of answers are not on the official Microsoft Forums m_giusti .
why is Microsoft silent on this matter?
Microsoft should be more transparent when making changes that have huge impact on memory as this.
we log more and more stuff into security.evtx as per cybersecurity recommendation dictate, thus upping the evtx to 4GB to retain some acceptable retention, but this loading of the file in memory is now affecting our users windows machines as well as our servers's memory consumption.
we now face a dillema, where we need some log retention, but also want to mitigate this memory usage issues...