ALE - RAM usage rocketing and maxing out after about a day
Posted 01 August 2014 - 03:21 PM
I've been using ALE for years now (fantastic tool), but have started to run into problems. I'm monitoring 4x DCs and I have made the registry changes I've made previously to try and cut down on resource usage (Set readlog to 0, UseWatcher to 1, invLogonKeepTime to 10, invLogonCleaningPeriod to 10, PF_Enabled to 0)
Also, as per KB1328 I have cleared out the files sepcified in that link to get rid of old lockout events
These haven't made a difference, and now I'm being forced to reboot the machine every day (or every other day) to get the tool to work.
Any ideas on this?
Posted 04 August 2014 - 02:35 PM
Some performance enhancements to the service will be coming in the next update. For now, most likely the service is being overloaded with invalid login attempts. Usually when we see this there is a computer that has lost sync with a domain controller for some reason. We can take a look at the logs for you and see if anything sticks out to us. Feel free to upload the alservice.log from the install directory to www.netwrix.com/upload and put ALE RAM USAGE - Forum in the subject line.
Posted 05 August 2014 - 10:12 AM
Posted 06 August 2014 - 02:37 PM
Unfortunately it is not possible to not track invalid logins. It could be an option and I will mention it to product management but the functionality that would be lost would be the ability to examine a lockout to assist in determining root cause. But I could definitely see a customer who only uses this tool to unlock accounts when they become locked wanting this feature. You mentioned thousands of invalid logins. I don't know if this is over a short period of time or a long period of time but I'm assuming most of these are automated in some way and not simply users putting in incorrect credentials themselves. My suggestion is to investigate these invalid logins to cut down on the noise hitting the service and causing the memory usage problem.
Posted 07 August 2014 - 03:07 PM
Is there an FAQ or KB article documenting the registry hacks for memory/process management?