Hello all, Hoping someone will be able to pinpoint the issue we're experiencing. We have deployed the latest NXLog Enterprise Edition agents (nxlog-5.5.7535) on numerous Windows servers, including multiple domain controllers (DCs). We're running into an issue where the agents on two DCs have a continuous increase in RAM usage. No other servers experience this problem. Over multiple days the memory usage by the agent slowly increases to gigabytes. This will keep increasing, but we restart the agent and we're back at ~10MB of RAM usage. The DCs with this issue run Windows Server 2012 R2. There are newer DCs in place as well, running Windows Server 2022. These new DCs do not have this problem. Does anyone have an idea as to why this is happening? If you require further information, please let me know. All the DCs have the same agent template deployed on them, see below: TEMPLATE INFO true LISTEN_FROM 172.16.1.44 4041 route1 0 RIN eventlog dnsaudit RIN om_tcp OUTPUT Exec to_syslog_snare(); 172.16.1.43 517 LineBased eventlog im_msvistalog INPUT <QueryXML> <QueryList> <Query Id="0"> <Select Path="Security">*</Select> </Query> <Query Id="1"> <Select Path="Application">*</Select> </Query> <Query Id="2"> <Select Path="System">*</Select> </Query> </QueryList> </QueryXML> true true false Default dnsaudit im_etw INPUT Microsoft-Windows-DNSServer Verbose

Scratch that, we are seeing this issue on the 2022 DCs as well. Does anyone have an idea? Seems to be a DC specific issue.