Windows Server 2003 comes with two performance monitoring tools that give administrators the data they need to find bottlenecks and troubleshoot Windows.
I discussed System Monitor in a previous article. In this tip I'll discuss the second tool, Performance Logs and Alerts.
The Performance Logs and Alerts utility has two types of performance-related logs: counter logs and trace logs. These logs are used for advanced performance analysis and data logging over a period of time. The utility also has a mechanism to trigger alerts.
Some performance analysis improvements are new in Windows Server 2003. One is the ability to run log collections under different accounts. For example, if you need to log data from a remote server that requires administrator privileges, the system will allow you to specify an account with the necessary permissions using the Run As feature. Another improvement is the ability to support log files greater than 1GB. Performance data can also be appended to an existing log file because of the new log file format.
Note: Data collection occurs regardless of whether a user is logged on to the server being monitored because logging runs as a service.
The three components of Performance Logs and Alerts are trace logs, counter logs and alerts.
Alerts are useful for notification purposes in times of emergency (unusual activity that does not occur often), such as bandwidth saturation to or from a NIC hosting a critical application. Alerts provide notification when a particular resource performance value exceeds or drops below a threshold, baseline or set value.
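The over/under threshold behaviour described above can be reproduced offline against a saved counter log. The following is an added example, not part of the original article: it assumes the counter log was saved as comma-separated text with the timestamp in the first column, and the server name, sample values and limits are constructed for illustration.

```python
import csv
import io

# Constructed sample of a counter log saved as comma-separated text.
# A blank (" ") value is a sample with no data, such as the first
# reading of a rate counter.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\SRV01\Network Interface(NIC1)\Bytes Total/sec","\\SRV01\Memory\Available MBytes"
"03/02/2007 10:00:00.000"," ","512"
"03/02/2007 10:00:15.000","4200000","498"
"03/02/2007 10:00:30.000","11900000","120"
"03/02/2007 10:00:45.000","12100000","48"
'''

# Hypothetical alert rules: (counter path suffix, "over" or "under", limit).
RULES = [
    (r"\Bytes Total/sec", "over", 11_000_000),  # assumed limit for a 100 Mbit/s NIC
    (r"\Available MBytes", "under", 64),        # assumed low-memory limit
]


def evaluate_alerts(log_text, rules):
    """Return (timestamp, counter, value, direction, limit) per crossing."""
    rows = csv.reader(io.StringIO(log_text))
    header = next(rows)  # column 0 is the timestamp, the rest are counter paths
    fired = []
    for row in rows:
        if not row:
            continue
        timestamp = row[0]
        for column, raw in zip(header[1:], row[1:]):
            try:
                value = float(raw)
            except ValueError:
                continue  # blank sample: nothing to compare, so no alert
            for suffix, direction, limit in rules:
                if not column.endswith(suffix):
                    continue
                over = direction == "over" and value > limit
                under = direction == "under" and value < limit
                if over or under:
                    fired.append((timestamp, column, value, direction, limit))
    return fired


if __name__ == "__main__":
    for alert in evaluate_alerts(SAMPLE_LOG, RULES):
        print(alert)
```
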
Configuring trace logs
Configuring and enabling trace logs to monitor the activities of an application or environment variable is simply a matter of creating a trace log filename and enabling logging. To create a trace log:
For a list of installed providers and their status (enabled or not), click Provider Status in the General tab. By default, the Nonsystem Providers option is selected to keep trace logging overhead to a minimum. Click Events Logged by System Provider and check the boxes as appropriate to define events for logging.
On the Log File tab, you can configure the log to be circular, so that when the log file reaches a predetermined size, it will be overwritten.
About the author: Rahul Shah currently works at a software firm in India, where he is a systems administrator maintaining Windows servers. He has also worked for various software firms in testing and analytics, and has experience deploying client/server applications in different Windows configurations.
02 Mar 2007