Our infrastructure team is concerned about the memory usage of the SIEM event collector process running on our Windows domain controller. Actually, the process is using 800 MB out of 4 GB. Does anyone know if using that much memory is normal? Is there a rule of thumb to determine the memory requirement considering the number of events reported?
We do not have it running on any DCs, using WMI pulls; we do have it on a handful of servers for log tailing purposes, as well as a few test laptops. Mine is using about 10MB (10,020K) on my laptop out of 4GB. I will try to look at some of the servers to see if the memory usage is the same.
I had one of our Windows engineers check a couple of the servers that were running the Agent; they were using 11.5KB and 12.4KB. Mine locally fluctuates: it is currently down at 6.8KB, and I have seen it as high as 12KB.