Security Manager is causing high CPU and memory usage on my IIS servers. (NETIQKB24331)

  • 7724331
  • 02-Feb-2007
  • 27-Aug-2007


Security Manager 4.20


Security Manager 4.50

Security Manager 5.x

Security Manager is causing high CPU and memory usage on my IIS servers.

Security Manager script is automatically bouncing the agent service on my IIS servers.

Security Manager is utilizing numerous resources on my IIS servers.


The value xxx exceeded the threshold for private bytes. A large value for private bytes can be an indicator of memory leakage in the service. The service will be stopped and restarted to avoid depletion of system resources.

This can be due to a large amount of old logs files that are contained in the log directories.


NOTE:  There are two steps required to keep Security Manager from processing old IIS logs:

  1. Starting with Security Manager 4.2, the provider can ignore files older than a certain number of days.  This is controlled via a registry setting in the following key:
    • pre SM 5.1 - HKLM\SOFTWARE\Mission Critical Software\OnePoint\Configurations\<Config Group Name>\Operations\Agent\Event Providers\Application Log\{GUID}
    • SM 5.1 and higher - HKLM\SOFTWARE\NetIQ\Security Manager\Configurations\<Config Group Name>\Operations\Agent\Event Providers\Application Log\{GUID}

      Under the GUID key that has a Description value of Internet Information Server web server log there will be another value called
      OldLogsIgnoreDays.  The default value for this key is 0 meaning to process all logs.  To limit the logs processed to those up to a certain age, enter a numerical value corresponding to the age of the logs to be processed.  For example, to process only the logs created in the last five days, enter a numerical value of
  2. Important - Now, archive the IIS event logs that are older than the OldLogsIgnoreDays setting to another server.  These files are typically located under \WINDOWS\system32\LogFiles\W3SVC1 (for the default website).  This way Security Manager will not need to check each file to determine if it's old or not.  This will need to be done on a regular basis.

WARNING: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. NetIQ Technical Support cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Make sure that you backup your Registry prior to making any changes.

Additional Information

Formerly known as NETIQKB24331