Monitoring Server Performance and Activity
By William R. Stanek
from Chapter 3, Microsoft Windows 2000 Administrator's Pocket Consultant .
Monitoring a server isn't something you should do haphazardly. You need to have a clear plan—a set of goals that you hope to achieve. Let's take a look at the reasons you may want to monitor a server and at the tools you can use to do this.
Figure 3-10: Use the Open dialog box to open the saved event log in a new view.
Why Monitor Your Server?
Troubleshooting server performance problems is a key reason for monitoring. For example, users may be having problems connecting to the server and you may want to monitor the server to troubleshoot these problems. Here, your goal would be to track down the problem using the available monitoring resources and then to resolve it.
Another common reason for wanting to monitor a server is to improve server performance. You do this by improving disk I/O, reducing CPU usage, and cutting down on the network traffic load on the server. Unfortunately, there are often trade-offs to be made when it comes to resource usage. For example, as the number of users accessing a server grows, you may not be able to reduce the network traffic load, but you may be able to improve server performance through load balancing or by distributing key data files on separate drives.
Getting Ready to Monitor
Before you start monitoring a server, you may want to establish baseline performance metrics for your server. To do this, you measure server performance at various times and under different load conditions. You can then compare the baseline performance with subsequent performance to determine how the server is performing. Performance metrics that are well above the baseline measurements may indicate areas where the server needs to be optimized or reconfigured.
After you establish the baseline metrics, you should formulate a monitoring plan. A comprehensive monitoring plan includes the following steps:
Determining which server events should be monitored in order to help you accomplish your goal.
Setting filters to reduce the amount of information collected.
Configuring monitors and alerts to watch the events.
Logging the event data so that it can be analyzed.
Analyzing the event data in Performance Monitor.
These procedures are examined later in the chapter. While you should develop a monitoring plan in most cases, there are times when you may not want to go through all these steps to monitor your server. For example, you may want to monitor and analyze activity as it happens rather than logging and analyzing the data later.
Using Performance Monitor
Performance Monitor graphically displays statistics for the set of performance parameters you've selected for display. These performance parameters are referred to as counters. You can also update the available counters when you install services and add-ons on the server. For example, when you configure DNS on a server, Performance Monitor is updated with a set of objects and counters for tracking DNS performance.
Performance Monitor creates a graph depicting the various counters you're tracking. The update interval for this graph is completely configurable but by default is set to one second. As you'll see when you work with Performance Monitor, the tracking information is most valuable when you record the information in a log file and when you configure alerts to send messages when certain events occur or when certain thresholds are reached, such as when a the CPU processor time reaches 99 percent. The sections that follow examine key techniques you'll use to work with performance monitor.
Choosing Counters to Monitor
The Performance Monitor only displays information for counters you're tracking. Dozens of counters are available—and as you add services, you'll find there are even more. These counters are organized into groupings called performance objects. For example, all CPU-related counters are associated with the Processor object.
To select which counters you want to monitor, complete the following steps:
Select the Performance option on the Administrative Tools menu. This displays the Performance console.
Select the System Monitor entry in the left pane, shown in Figure 3-11.
Figure 3-11: Counters are listed in the lower portion of the Performance Monitor window.
Performance Monitor has several different viewing modes. Make sure you're in View Chart display mode by selecting the View Chart button on the Performance Monitor toolbar.
To add counters, select the Add button on the Performance Monitor toolbar. This displays the Add Counters dialog box shown in Figure 3-12. The key fields are
Use Local Computer Counters Configure performance options for the local computer.
- Select Counters From Computer Enter the Universal Naming Convention (UNC) name of the server you want to work with, such as \\ZETA. Or use the selection list to select the server from a list of computers you have access to over the network.
Performance Object Select the type of object you want to work with, such as Processor.
Note: The easiest way to learn what you can track is to explore the objects and counters available in the Add Counters dialog box. Select an object in the Performance Object field, click the Explain button, and then scroll through the list of counters for this object.
All Counters Select all counters for the current object.
Select Counters From List Select one or more counters for the current object. For example, you could select % Processor Time and % User Time.
All Instances Select all counter instances for monitoring.
Select Instances From List Select one or more counter instances to monitor.
Figure 3-12: Select counters you want to monitor.
Tip Don't try to chart too many counters or counter instances at once. You'll make the display difficult to read and you'll use system resources—namely CPU time and memory—that may affect server responsiveness.
When you've selected all the necessary options, click Add to add the counters to the chart. Then repeat this process, as necessary, to add other performance parameters.
Click Done when you're finished adding counters.
You can delete counters later by clicking on their entry in the lower portion of the Performance window and then clicking Delete.
Using Performance Logs
You can use performance logs to track the performance of a server and you can replay them later. As you set out to work with logs, keep in mind that parameters that you track in log files are recorded separately from parameters that you chart in the Performance window. You can configure log files to update counter data automatically or manually. With automatic logging, a snapshot of key parameters is recorded at specific time intervals, such as every 10 seconds. With manual logging, you determine when snapshots are made. Two types of performance logs are available:
Counter Logs These logs record performance data on the selected counters when a predetermined update interval has elapsed.
Trace Logs These logs record performance data whenever their related events occur.
Creating and Managing Performance Logging
To create and manage performance logging, complete the following steps:
Access the Performance console by selecting the Performance option on the Administrative Tools menu.
Expand the Performance Logs And Alerts node by clicking the plus sign (+) next to it. If you want to configure a counter log, select Counter Logs. Otherwise, select Trace Logs.
As shown in Figure 3-13, you should see a list of current logs in the right pane (if any). A green log symbol next to the log name indicates logging is active. A red log symbol indicates logging is stopped.
You can create a new log by right-clicking in the right pane and selecting New Log Settings from the shortcut menu. A New Log Settings box appears, asking you to give a name to the new log settings. Type a descriptive name here before continuing.
Figure 3-13: Current performance logs are listed with summary information.
To manage an existing log, right-click its entry in the right pane and then select one of the following options:
Start To activate logging.
Stop To halt logging.
Delete To delete the log.
Properties To display the log properties dialog box.
Creating Counter Logs
Counter logs record performance data on the selected counters at a specific sample interval. For example, you could sample performance data for the CPU every 15 minutes. To create a counter log, complete the following steps:
Select Counter Logs in the left pane of the Performance console and then right-click in the right pane to display the shortcut menu. Choose New Log Settings.
In the New Log Settings dialog box, type a name for the log, such as System Performance Monitor or Processor Status Monitor. Then click OK.
In the General tab, click Add to display the Select Counters dialog box. This dialog box is identical to the Add Counters dialog box shown previously in Figure 3-12.
Use the Select Counters dialog box to add counters for logging. Click Close when you're finished.
In the Sample Data Every ... field, type in a sample interval and select a time unit in seconds, minutes, hours, or days. The sample interval specifies when new data is collected. For example, if you sample every 15 minutes, the log is updated every 15 minutes.
Click the Log Files tab, shown in Figure 3-14, and then specify how the log file should be created using the following fields:
Location Sets the folder location for the log file.
File Name Sets the name of the log file.
End File Names With Sets an automatic suffix for each new file created when you run the counter log. Logs can have a numeric suffix or a suffix in a specific date format.
Start Numbering At Sets the first serial number for a log that uses an automatic numeric suffix.
Log File Type Sets the type of log file to create. Use Text File – CSV for a log file with comma-separated entries. Use Text File – TSV for a log file with tab-separated entries. Use Binary File to create a binary file that can be read by Performance Monitor. Use Binary Circular File to create a binary file that overwrites old data with new data when the file reaches a specified size limit.
Figure 3-14: Configure the log file format and usage.
Tip If you plan to use Performance Monitor to analyze or view the log, use one of the binary file formats.
Comment Sets an optional description of the log, which is displayed in the Comment column.
Maximum Limit Sets no predefined limit on the size of the log file.
Limit Of Sets a specific limit in KB on the size of the log file.
Click the Schedule tab, shown in Figure 3-15, and then specify when logging should start and stop.
You can configure the logging to start manually or automatically at a specific date. Select the appropriate option and then specify a start date if necessary.
Tip Log files can grow in size very quickly. If you plan to log data for an extended period, be sure to place the log file on a drive with lots of free space. Remember, the more frequently you update the log file, the higher the drive space and CPU resource usage on the system.
Figure 3-15: Specify when logging starts and stops.
The log file can be configured to stop
After a specified period of time, such as seven days
At a specific date and time
When the log file is full (if you've set a specific file size limit)
Click OK when you've finished setting the logging schedule. The log is then created, and you can manage it as explained in the "Creating and Managing Performance Logging" section of this chapter.
Creating Trace Logs
Trace logs record performance data whenever events for their source providers occur. A source provider is an application or operating system service that has traceable events. On domain controllers you'll find two source providers: the operating system itself and Active Directory:NetLogon. On other servers, the operating system will probably be the only provider available.
To create a trace log, complete the following steps:
Select Trace Logs in the left pane of the Performance console and then right-click in the right pane to display the shortcut menu. Choose New, and then select New Log Settings.
In the New Log Settings dialog box, type a name for the log, such as Logon Trace or Disk I/O Trace. Then click OK. This opens the dialog box shown in Figure 3-16.
If you want to trace operating system events, select the Events Logged By System Provider option button. As shown in Figure 3-16, you can now select system events to trace.
Caution: Collecting page faults and file detail events puts a heavy load on the server and causes the log file to grow rapidly. Because of this, you should collect page faults and file details only for a limited amount of time.
If you want to trace another provider, select the Nonsystem Providers option button and then click Add. This displays the Add Nonsystem Providers dialog box, which you'll use to select the provider to trace.
When you're finished selecting providers and events to trace, click the Log Files tab. You can now configure the trace file as detailed in step 6 of the section of this chapter entitled "Creating Counter Logs." The only change is that the log file types are different. With trace logs, you have two log types:
Sequential Trace File Writes events to the trace log sequentially up to the maximum file size (if any).
Circular Trace File Overwrites old data with new data when the file reaches a specified size limit.
Figure 3-16: Use the General tab to select the provider to use in the trace.
Choose the Schedule tab and then specify when tracing starts and stops.
You can configure the logging to start manually or automatically at a specific date. Select the appropriate option and then specify a start date, if necessary.
You can configure the log file to stop manually, after a specified period of time (such as seven days), at a specific date and time, or when the log file is full (if you've set a specific file size limit).
When you've finished setting the logging schedule, click OK. The log is then created and can be managed as explained in the section of this chapter entitled "Creating and Managing Performance Logging."
Replaying Performance Logs
When you're troubleshooting problems, you'll often want to log performance data over an extended period of time and analyze the data later. To do this, complete the following steps:
Configure automatic logging as described in the "Using Performance Logs" section of this chapter.
Load the log file in Performance Monitor when you're ready to analyze the data. To do this, select the View Log File Data button on the Performance Monitor toolbar. This displays the Select Log File dialog box.
Use the Look In selection list to access the log directory, and then select the log you want to view. Click Open.
Counters you've logged are available for charting. Click the Add button on the toolbar and then select the counters you want to display.
Configuring Alerts for Performance Counters
You can configure alerts to notify you when certain events occur or when certain performance thresholds are reached. You can send these alerts as network messages and as events that are logged in the application event log. You can also configure alerts to start applications and performance logs.
To add alerts in Performance Monitor, complete the following steps:
Select Alerts in the left pane of the Performance console, and then right-click in the right pane to display the shortcut menu. Choose New Alert Settings.
In the New Alert Settings dialog box, type a name for the alert, such as Processor Alert or Disk I/O Alert. Then click OK. This opens the dialog box shown in Figure 3-17.
In the General tab, type an optional description of the alert. Then click Add to display the Select Counters To Log dialog box. This dialog box is identical to the Add Counters dialog box shown previously in Figure 3-12.
Figure 3-17: Use the Alert dialog box to configure counters that trigger alerts.
Use the Select Counters To Log dialog box to add counters that trigger the alert. Click Close when you're finished.
In the Counters panel, select the first counter and then use the Alert When The Value Is ... field to set the occasion when an alert for this counter is triggered. Alerts can be triggered when the counter is over or under a specific value. Select Over or Under, and then set the trigger value. The unit of measurement is whatever makes sense for the currently selected counter(s). For example, to alert if processor time is over 98 percent, you would select Over and then type 98 as the limit. Repeat this process to configure other counters you've selected.
In the Sample Data Every ... field, type in a sample interval and select a time unit in seconds, minutes, hours, or days. The sample interval specifies when new data is collected. For example, if you sample every 10 minutes, the log is updated every 10 minutes.
Caution: Don't sample too frequently. You'll use system resources and may cause the server to seem unresponsive to user requests.
Select the Action tab, shown in Figure 3-18. You can now specify any of the following actions to happen when an alert is triggered:
Log An Entry In The Application Event Log Creates log entries for alerts.
Send A Network Message To Sends a network message to the computer specified.
Run This Program Sets the complete file path of a program or script to run when the alert occurs.
Start Performance Data Log Sets a counter log to start when an alert occurs.
Tip You can run any type of executable file, including batch scripts with the .BAT or .CMD extension and Windows scripts with the .VB, .JS, .PL, or .WSC extension. To pass arguments to a script or application, use the options of the Command Line Arguments panel. Normally, arguments are passed as individual strings. However, if you select Single Argument String, the arguments are passed in a comma-separated list within a single string. The Example Command Line Arguments list at the bottom of the tab shows how the arguments would be passed.
Choose the Schedule tab and then specify when alerting starts and stops. For example, you could configure the alerts to start on a Friday evening and stop on Monday morning. Then each time an alert occurs during this period, the specified action(s) are executed.
Figure 3-18: Set actions that are executed when the alert occurs.
You can configure alerts to start manually or automatically at a specific date. Select the appropriate option and then specify a start date, if necessary.
You can configure alerts to stop manually, after a specified period of time, such as seven days, or at a specific date and time.
When you've finished setting the alert schedule, click OK. The alert is then created, and you can manage it in much the same way that you manage counter and trace logs.
from Microsoft Windows 2000 Administrator's Pocket Consultant by William R. Stanek. Copyright © 1999 Microsoft Corporation.