I'm running a bunch of Windows Server 2008 R2 on a 64 bits hardware. I recently noticed that the eventlog service is going wild about memory consumption. The service on its own can consume about 4GB of the available memory and is continuously growing.
I first took action to move eventlog in its own svchost process to confirm that it was the cause of memory consumption.
> sc config eventlog type= own
Then I cleared all the log files expecting to move away from a possible corruption.
> wevtutil el | Foreach-Object {wevtutil cl "$_"}
And restarted the service. However, memory consumption is quickly growing back to 3-4GB.
I'm out of clue on what could cause this behavior.
Possible causes:
Your best bet is to clean up your event logs.
You can do this safely by archiving your event log or clearing it.
I was taught to then restart my server, however I'm not entirely sure how necessary this is.
If the issue recurs, go through your event log, taking special notice of the security log, to see if anything is causing an unwanted flood of events.
Memory consuption was caused by one of our services monitoring the event logs. After having disabled this functionality everything was back to normal.