The logging you show for user accounts suggests there are scripts trying to access your device regularly. You can prevent this by applying the manager-ip filters and restrict login to only ip address ranges you will manage the device from. this is important if you enable management on the untrust interface.
When you add addresses be sure to add the address range you are currently logged into the device from first as they apply immediately and will lock you out.
But as mentioned above, this is not the memory issue, just another attack vector.