We have (6) DCs in our environment, all global catalogs. ALE is installed on one of them, but for whatever reason there is constant heavy bandwidth between this DC5 and DC1, but not with any other domain controllers. Any reason for this to be the case? As soon as I disable ALE service, the bandwidth usage goes away. The reason this is an issue is that these hosts are on different VLANs, and it saturates our router interface with unnecessary traffic.
If installed on DC1 then DC5 probably experiences the most invalid login attempts and thus has more failed logons and lockout events to be collected (or the other way around I'm not sure which one is the host). If you disable the product, the next time you enable it, it will have to play catch up and collect even more per second than it was collecting before. However there is a registry key you can set to have it miss any logs it missed and stop trying to catch up. Here is a KB with this and a few more things to try: http://www.netwrix.com/kb/1531