Home > Uncategorized > Monitoring Windows Server 2003 with Performance Logs

Monitoring Windows Server 2003 with Performance Logs

April 2nd, 2008

In a post at http://www.techrepublic.com I previously provided an overview of the Performance Logs and Alerts Snap-in within Windows Server 2003. The goal here is to look at the Performance Logs exclusively and create logs for counters and traces.

What is the difference which method I use?

The system monitor is a live look at counter activity. It is active until you close it, once closed it will need counters added again.

Performance logs work a little differently, recording events to log files or databases for later review. This will allow you to configure a log and review it on a weekly basis.

Logging types

Performance logs differ from the system monitor in another way as well. They can be configured to work with counters (covered in another tip) which will show specific continual data about a system object, but they can also be created for traces.

Traces are instances of an event that happens to an object. For example, if you wanted to create a trace log to monitor processor activity, as activity occurred it would be recorded.

Another nice thing about trace logs is that they can be started and stopped; when a trace is stopped its settings are still saved.

Counters are snapshots of a given object at set points in time. A counter log will work nicely, however if no activity happens when the object is sampled, there will be very little recorded.

Creating performance counter logs

To create a performance log for counters monitoring, for example, the CPU complete the following steps:

  1. Expand the performance Logs and Alerts section in the Computer Management Console
  2. Right Click the Counter Logs object
  3. Choose New Log Settings
  4. Enter a name for your log
  5. Click OK
  6. Select the Local PC for monitoring at the top of the add counters dialog
  7. Choose the performance object you wish to monitor, in this case processor

Note: You will need to choose to add all counters for the Processor object or to add only select counters.

  1. Choose Select counters from a list
  2. Choose the counters that you wish to use by highlighting each counter and clicking add, for this example choose the % Processor Time counter

If the counter you have added has multiple instances you will need to decide if you want to use all instances of the counter or to use selected instances.

  1. Choose to use selected instances
  2. Highlight the Total instance
  3. Click close to close the Add counter dialog and add the counter to the log
  4. Specify a sample interval for the counter in the text box labeled Sample Data Every…

The sample interval specifies how often a sample for this log will be taken.

  1. Click the Log files tab to specify the details for log file output
    1. Specify the log file type
    2. Choose a number to end log file names with (if desired)
    3. Specify the starting number for number appended to the end of file names
    4. Add comments to the log file if needed
    5. Check the Overwrite existing file if you would like to overwrite old data with ne
  2. Click the configure button after choosing a log type to specify output file location. If you select the output to be stored in a SQL database you will need to supply connection and table information for the output.
  3. Create a schedule for the log using the schedule tab

On the schedule tab you can choose to start and stop the log at a given time or manually using the shortcut menu. For reviewing purposes you might choose to set a start and stop time for the log to make things a bit easier.

  1. Click OK to close and save the log

Creating performance trace logs

Creating trace logs for events is very similar to creating logs for counters. A trace log can be created by completing the following steps:

  1. In the left pane of the Computer Management Console, with Performance Logs and Alerts expanded, right click Trace logs and choose New Log Settings
  2. Enter a name for the trace file and click OK

Doing this will open a dialog box allowing you to configure the settings for your new trace

  1. Select the Events Logged by System Provider option button
  2. Select the checkboxes for the properties you wish to log

If you want to monitor other non-system provided objects, select the Non-system Providers option button and click Add to add new providers that can be traced.

  1. In the Run As box, enter the username of the account you want to run this log
  2. Click the Set Password button to specify a password for the account
  3. Click the log files tab to specify output options.

Note: These options are the same as the log file options discussed above with two exceptions:

Sequential trace file – writes entries in the log file sequentially up to the maximum file size, if specified

Circular trace file – Overwrites old data with new data when the file reaches a specified size limit

  1. Click the Schedule tab to specify a start and stop time for the trace, or to start and stop it manually
  2. Click OK to save and close the trace

Counter and Trace logs can be very helpful in monitoring your Windows Server 2003 systems at consistent intervals. When used with the System Monitor these logs can aide in finding long term system issues and determining if they have been happening consistently.

Categories: Uncategorized Tags:
Comments are closed.