A good chunk of a Windows administrator's systems management efforts focus on performance monitoring. Every day, admins continually monitor the performance of their servers and server operating systems. This guide examines some of the tools that Windows administrators can use to optimize their performance monitoring processes.
TABLE OF CONTENTS
- Troubleshooting and monitoring Windows systems performance
- Monitoring and maintaining log files
There are several performance monitoring tools available to Windows administrators. Which tool you use will depend on what you are trying to accomplish, your operating system and your technical skills.
It is normal for a system's performance to diminish over time as more applications, drivers, etc. are installed. Eventually though, a system's performance may reach an unacceptably low level. When this happens, you need to know what to do about the problem.
In some cases, you might have to replace an aging server. In other cases, a simple memory upgrade or the removal of a buggy device driver might give the system's performance a huge boost. The problem is that Windows isn't going to come out and tell you what you need to do to fix the problem. It's up to you to figure out which diagnostic utility to use.
The three primary performance monitoring utilities included with various versions of Windows are Performance Monitor, Task Manager and the new Reliability and Performance Monitor.
The primary tool for diagnosing a system's performance is Performance Monitor. Performance Monitor has had several names over the years. Some Microsoft documentation refers to Performance Monitor as PerfMon. Some older version of Windows referred to it as System Monitor. In any case, Performance Monitor has been around in one form or another since the days of Windows NT.
Performance Monitor works by allowing the administrator to select specific counters they want to monitor. Each of these counters corresponds to a specific aspect of system performance. By selecting the counters appropriate to the situation at hand, an administrator is able to diagnose system performance at a granular level.
Admins can use Performance Monitor not just to diagnose performance problems, including finding memory leaks, but to prevent them from occurring in the first place. In many organizations, it's common practice to run Performance Monitor against the organization's servers on a constant basis.
When this is done, the counter sampling frequency is set low so that Performance Monitor only minimally impacts the server's performance. Depending on the organization, Performance Monitor can sample performance data once an hour or a few times a day.
The advantage of doing this is that the collected data can be logged and analyzed. This allows the organization to spot trends. By examining long-term Performance Monitor data, a systems administrator may learn when an organization's servers are under the most stress.
Analysis of long-term data also shows organizations how much each server's workload increases over time. This information is important for preventing performance-related problems from occurring down the road. For example, if you noticed that your server has to work 3% harder each month, you could estimate that a year from now the workload might routinely be 36% higher than it is today. With that knowledge, you can plan for any upgrades that might be necessary for the server to better handle the increased workload.
The major drawback to Performance Monitor is that there are hundreds of counters to choose from. Unless an admin understands what each counter actually measures and knows how to interpret the collected data, Performance Monitor is worthless.
Sometimes, Performance Monitor behaves really strangely. You may wonder what this odd behavior means and whether you can trust the counter values it's given you. This tip sheds some light on some of the eccentricities of Performance Monitor.
Since using the Performance Monitor can be complicated, Microsoft built a simplified version of the Performance Monitor into the Windows Task Manager. You can access this simplified monitor by pressing Ctrl+Alt+Delete, then clicking the Task Manager button.
The Task Manager cannot perform the various logging functions that are available through the Performance Monitor, and in most versions of Windows, you cannot look up additional performance data. But what the Task Manager lacks in functionality, it makes up for in simplicity. For example, key information related to CPU, pagefile, and memory usage are clearly displayed.
Should Task Manager somehow become disabled, this tip explains how to re-enable Task Manager.
Windows Vista and Windows Server 2008 have introduced an augmented version of Performance Monitor called the Reliability and Performance Monitor. One of the tool's key features is its ability to collect event log information and use it to determine the machine's reliability, not only from an error history but from factors such as the application or driver installations. Key events are logged on a time line so an administrator can read a machine's history at a glance.
The Reliability and Performance Monitor also includes several pre-defined data collector sets. These data collector sets free administrators from trying to figure out which Performance Monitor counter to use (although manually selecting counters is still an option). Also, administrators no longer have to interpret graphs, as the predefined data collector sets generate reports.
Once you've determined the performance monitoring tool that best suits your needs, you can now explore how these, and many other tools can help troubleshoot and monitor Windows systems performance.
Microsoft's Windows Server 2003 Performance Advisor 2.0 is a data-collection and data-analysis tool that produces customizable reports about the performance of a server running Windows 2003 Server. Administrators can produce reports on specific subsystems, such as the performance of SQL Server or on low-level functions like CPU and physical memory usage. It also creates reports for server roles such as Active Directory, Internet Information Services (IIS), DNS, Terminal Services, SQL Server and print spooler, according to Microsoft.
Version 2.0 runs only on Windows Server 2003 with the .NET 1.1 Framework; it will not run on earlier versions of Windows Server or Windows XP.
Windows Server 2003's Performance Logs and Alerts utility has two types of performance-monitoring related logs: counter logs and trace logs. These logs are used for advanced performance analysis and data logging over a period of time. The utility also has a mechanism to trigger alerts.
Some performance analysis improvements are new in Windows Server 2003. One is the ability to run log collections under different accounts. For example, if you need to log data from a remote server that requires administrator privileges, the system will allow you to specify an account with the necessary permissions using the Run As feature.
Performance Logs and Alerts can also be used as a log monitoring tool. Performance Logs and Alerts can run log collections under different accounts and can support log files greater than 1GB. Performance data can also be appended to an existing log file because of the new log file format. The utility has two performance-related logs, counter logs and trace logs.
For those who need help handling large log files, there's a freeware tool called fLogViewer. This tool can monitor plaintext log files in real time, handle how IIS writes log files and manage large log files without choking. It also has an auto-archiving function that automatically stores concluded logs in a folder or .ZIP file. The viewer can even read files from a remote server via HTTP without having to repeatedly download the whole file.
If you need a tool that can monitor, manage and read event log files, consider LogParser, a free command line utility from Microsoft. This tool can handle any text-based file and can make sense of logs of all sorts. It essentially converts text log files into a SQLServer database, then uses SQLServer's tools to apply SQL statements to that database to present the information in a variety of formats. Although some administrators consider using SQL statements from the command line an exercise in medium-level geekspeak, LogParser presents the results in clear formats that even non-administrators can easily understand.
Another event log management tool is the EventSentry application suite for Windows Server 2003 (as well as NT, 2000 and XP). This tool from Netikus.Net Ltd. not only monitors your server's (or workstation's) event logs, but also your system health and network devices. A stripped-down freeware version of EventSentry, called EventSentry Light, is also available.
This was first published in June 2007