Performance Logs and Alerts overview

With Performance Logs and Alerts you can collect performance data automatically from local or remote computers. You can view logged counter data using System Monitor or export the data to spreadsheet programs or databases for analysis and report generation. Performance Logs and Alerts offers the following capabilities:

  • Performance Logs and Alerts collects data in a comma-separated or tab-separated format for easy import to spreadsheet programs. A binary log-file format is also provided for circular logging or for logging instances such as threads or processes that may begin after the log starts collecting data. (Circular logging is the process of continuously logging data to a single file, overwriting previous data with new data.)

  • You can also collect data in a SQL Database format. This option defines the name of an existing SQL database and log set within the database where the performance data will be read or written. This file format is useful when collecting and analysing performance data at an enterprise level rather than a per-server basis.

  • Counter data collected by Performance Logs and Alerts can be viewed during collection as well as after collection has stopped.

  • Because logging runs as a service, data collection occurs regardless of whether any user is logged on to the computer being monitored.

  • You can define start and stop times, file names, file sizes, and other parameters for automatic log generation.

  • You can manage multiple logging sessions from a single console window.

  • You can set an alert on a counter, thereby defining that a message be sent, a program be run, an entry made to the application event log, or a log be started when the selected counter's value exceeds or falls below a specified setting.

Similar to System Monitor, Performance Logs and Alerts supports defining performance objects, performance counters, and object instances, and setting sampling intervals for monitoring data about hardware resources and system services. Performance Logs and Alerts also offers other options related to recording performance data:

  • Start and stop logging either manually on demand or automatically based on a user-defined schedule.

  • Configure additional settings for automatic logging, such as automatic file renaming, and set parameters for stopping and starting a log based on the elapsed time or the file size.

  • Create trace logs. Using the default system data provider or another application provider, trace logs record detailed system application events when certain activities such as a disk I/O operation or a page fault occurs. When the event occurs, logs the data to a file specified by the Performance Logs and Alerts service. This differs from the operation of counter logs; when counter logs are in use, the service obtains data from the system when the update interval has elapsed, rather than waiting for a specific event. A parsing tool is required to interpret the trace log output. Developers can create such a tool using application programming interfaces (APIs) provided on the Microsoft Web site.

  • You can also produce trace analysis reports from trace log output files using the Tracerpt tool. Use this tool to process kernel, Active Directory, and other transactional based trace event logs, and to generate trace analysis reports and a .csv files from binary logs.

  • Define a program that runs when a log is stopped.

  • If you want to export log data to Microsoft Excel, the Performance Logs and Alerts service must be stopped because Microsoft Excel requires exclusive access to the log file. Other programs are not known to require this exclusive access; therefore, in general you can work with data from a log file while the service is collecting data to that file.

  • For more information about the Performance Logs and Alerts user interface, see Performance Logs and Alerts interface