Performance Logs and Alerts overview

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Performance Logs and Alerts overview

With Performance Logs and Alerts you can collect performance data automatically from local or remote computers. You can view logged counter data using System Monitor or export the data to spreadsheet programs or databases for analysis and report generation. The following list explains the capabilities of Performance Logs and Alerts:

  • New in the Microsoft® Windows Server 2003 family is the ability to run log collections under different accounts. For example, if you need to log data from a remote computer that requires administrative credentials, you can specify an account with the necessary credentials.

  • Also new in the Windows Server 2003 family are two new security groups that help you to ensure that only trusted users can access and manipulate sensitive performance data. These are the Performance Log Users group and the Performance Monitor Users group.

  • The Windows Server 2003 family supports log files greater than 1 GB in size, and with its new log-file format, you can append performance data to an existing log file.

  • Performance Logs and Alerts collects data in a comma-separated or tab-separated format for easy import to spreadsheet programs. A binary log-file format is also provided for circular logging or for logging instances such as threads or processes that may begin after the log starts collecting data. (Circular logging is the process of continuously logging data to a single file, overwriting previous data with new data.)

  • You can also collect data in an SQL database format. This option defines the name of an existing SQL database and log set within the database where the performance data will be read or written. This file format is useful when collecting and analyzing performance data at an enterprise level rather than on a per-computer basis. Logging data directly to a SQL database is supported through open database connectivity (ODBC).

  • Counter data collected by Performance Logs and Alerts can be viewed during collection as well as after collection has stopped.

  • Because logging runs as a service, data collection occurs regardless of whether any user is logged on to the computer being monitored.

  • You can define start and stop times, file names, file sizes, and other parameters for automatic log generation.

  • You can manage multiple logging sessions from a single console window.

  • You can set an alert on a counter, thereby defining that a message be sent, a program be run, an entry made to the application event log, or a log be started when the selected counter's value exceeds or falls below a specified setting.

Similar to System Monitor, Performance Logs and Alerts supports defining performance objects, performance counters, and performance object instances. It also supports setting sampling intervals for monitoring data about hardware resources and system services. Performance Logs and Alerts also offers other options related to recording performance data:

  • Start and stop logging either manually on demand or automatically based on a user-defined schedule.

  • Configure additional settings for automatic logging, such as automatic file renaming, and set parameters for stopping and starting a log file based on the elapsed time or the file size.

  • Create trace logs. Using the default Windows Server 2003 family data provider or another application provider, trace logs record detailed system application events when certain activities, such as a disk I/O operation or a page fault, occurs. When the event occurs, your operating system logs the system data to a file specified by the Performance Logs and Alerts service. This differs from the operation of counter logs; when counter logs are in use, the service obtains data from the system when the update interval has elapsed, rather than waiting for a specific event. A parsing tool is required to interpret the trace log output. Developers can create such a tool using application programming interfaces (APIs) provided in the MSDN Library on the Microsoft Web site.

  • You can also produce trace analysis reports from trace log output files using the Tracerpt tool. Use this tool to process kernel, Active Directory, and other transactional based trace event logs, and to generate trace analysis reports and .csv files from binary logs.

  • Define a program that runs when a log is stopped.

  • If you want to export log data to Microsoft Excel, the Performance Logs and Alerts service must be stopped because Microsoft Excel requires exclusive access to the log file. Most other programs are not known to require this exclusive access; therefore, in general you can work with data from a log file while the service is collecting data to that file.

For more information about the Performance Logs and Alerts user interface, see Performance Logs and Alerts interface.