Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Constant High Memory (99%) utilization on polling engine

Hello Everyone !!

Need your help with an issue i have been facing for the last few months. I also have a support ticket open (02048013) but we are not getting anywhere close to resolution.

Below is a brief summary of the problem -

Issue - High memory (99%) utilization on SolarWinds polling engine.

Description - I have 3 servers for SolarWinds in my environment. 1x main poller/server and 2x additional polling engines. The high memory problem is on one of the additional polling engines.

The hardware specs for the 3 servers are pretty much the same : Mainpoller - Win 2016 server with 32Gb of memory. The 2x additional polling engines are Win 2022 servers with the same 32Gb memory, all 3 servers have the same 4 processor CPU.

I only have IPAM and NCM licenses with SolarWinds and these are the only two subscriptions running. And i am running version 2025.2.1.

Every few days the memory on the problem polling engine hits 99% which is caused by "Solarwinds.Orion.LogMgmt.SyslogService" and stays that way until i go ahead and restart the service.

The number of devices sending syslog to the main poller is 715, non-problem polling engine is 51 and the problem polling engine has 126 devices. It is the syslog service causing the high memory issue, if i do not restart the syslog service, the server does not experience high memory.

Troubleshooting performed -

Re-installed and upgraded the SolarWinds application on the problem polling engine
Ran a packet capture for udp port 514 and noticed a couple firewalls as top talkers, however all the firewalls in my environment have the same syslog level (informational) configured
Checked the interface utilization for these firewalls on our monitoring tool (LogicMonitor) to see if it really is sending a lot of syslog traffic, and no the throughput on these firewalls is less than 500mb and did not see any high spikes at any particular time
Also checked the ethernet values on the task manager when high memory issue occurs and do not see the server getting a lot of input traffic (picture attached)
If the suspected firewalls were indeed causing an issue, then the memory would go down at some point when the syslog traffic goes down ? But it just stays stuck at 99%
Made changes to the database (tempdb transaction log file size and query optimizer hotfixes), but then all 3 servers use the same database, so i don't think its a database issue here. If it was the DB, it would affect all 3 servers ?

I did see a couple similar posts on here but none of them had a resolution.

Find more posts tagged with

Product: Network Configuration Manager (NCM)

nodes with high memory utilization

ncm

scalability engine

Comments

oithim_yew

have you tried disabling the syslog or filter some of the things that were coming in instead of processing everything? in our environment, we do not use syslog, hence we discard the message. maybe you can try to filter those that you need and drop those that you do not.

nwadmin91

Hi, i need syslog as i have real time change detection configured. Also was wondering the custom rules i have setup applies to all 3 servers, so why only 1 server is getting high memory. I ran a packet capture on all 3 servers to check if the problem server is getting a lot more traffic than the other 2 servers, but that was not the case. The main poller has around 700 devices sending syslog to it and that seems to be perfectly fine. The problem server only has 120 devices and the capture shows far less traffic compared to the other 2 servers when the issue occurs and also under normal circumstances.

oithim_yew

the rules would applies to all SW. if everything was done but yet, the problem occurs. I guess the best is to try to reinstall SW on the problematic poller. i am not sure about your environment but for us, we have 1 primary and 2 poller sitting at other different countries, if it happens in our environment i might suspect:

problematic poller - reinstallations might help (i believe you have done so)
network congestions - we have issues where syslogs are killing our DB due to the numbers of logs. we end up stopping it using the rules since we do not need it. (i believe you wont be needing this advice)
isolate the nodes - i would try to move some of the nodes out to another poller to monitor and see if it helps to reduce the memory usage. sounded stupid but i think it can be tested out. if it is still the same, i would suspect it will be the poller issues.
create a new temp poller - new poller will have fresh data, i mean the configurations. upgrading the existing might probably inherits back the issue, so a new poller might help. if it resolves, then you can decomm the problematic poller and assign back the license.