cancel
Showing results for 
Search instead for 
Did you mean: 
Pinard
Level 8
Report Inappropriate Content
Message 1 of 4

Windows SIEM event Collector memory usage

Hi

Our infrastructure team is concerned about the memory usage of the SIEM event collector process running on our Windows domain controller. Actually, the process is using 800Mo out of 4 Go. Did anyone know if using that much memory is normal?  Is there a rule of thumb to determine the memory requirement considering the amount of event reported?

Thanks.

3 Replies
rth67
Level 12
Report Inappropriate Content
Message 2 of 4

Re: Windows SIEM event Collector memory usage

We do not have it running on any DC's, using WMI pulls, we do have it on a handful of servers for log tailing purposes, as well as a few test Laptops. Mine is using about 10MB (10,020K) on my Laptop out of 4GB. I will try to look at some of the Servers to see if the memory usage is the same.

Highlighted
Pinard
Level 8
Report Inappropriate Content
Message 3 of 4

Re: Windows SIEM event Collector memory usage

Thank you for your answer rth67. Have you been able to look at memory usage on your Servers?

rth67
Level 12
Report Inappropriate Content
Message 4 of 4

Re: Windows SIEM event Collector memory usage

I had one of our windows engineers check a couple of the Servers that were running the Agent, they were using 11.5KB and 12.4KB, mine locally fluctuates, currently down at 6.8KB, I have seen it as high as 12KB

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center