The Alerter Service, Part 1: Your New Best Friend

By Brien M. Posey, MCSE for TechRepublic.com

Microsoft recommends running Performance Monitor when you first bring a new server online to establish a baseline of normal system values. These baseline values include free disk space and how much processor time a server uses. Microsoft also recommends checking Performance Monitor logs periodically so that you can see if your server is about to exhaust its resources.

Unfortunately, in the chaotic world of networking, such tasks often take a back seat to more pressing issues. Even the most diligent LAN manager may neglect their Performance Monitor logs once in a while. Although neglecting your logs may seem harmless enough, someday your server could come to a screeching halt because of a simple error that could've been prevented.

Fortunately, Microsoft includes the Alerter service with Microsoft® Windows NT®. The Alerter service takes a lot of work out of managing your network. In this article, I'll discuss the Alerter service and its capabilities. I'll also explore additional techniques you can use to make this service more effective.

What is the Alerter Service?

The Alerter service is a tool that expands the capabilities of Performance Monitor. Within Performance Monitor, each of the various counters should stay above or below its preset value. You can use the Alerter service to have Performance Monitor send you a network pop-up message and/or run a program when one of the counters exceeds a preset threshold.

Enabling the Alerter Service

Before you can use the Alerter service, you must enable it. To do so, open Control Panel and launch the Services icon. When you see the Services dialog box, double-click the Alerter service. When you do, you'll see the Service dialog box. Now, set the Startup Type to Automatic, as shown in Figure A, and click OK. This will make the Alerter service start up automatically each time Windows NT starts.

Figure A: Configure the Alerter service to start automatically.

Next, make sure that the Alerter service is selected and click the Start button. At this point, Windows NT should start the Alerter service. You'll know that the service is running when the word "Started" appears beside the service, as shown in Figure B.

Figure B: You'll know that the Alerter service is running when you see the word "Started" beside the service.

Configuring the Alerter Service

Now that you've started the Alerter service, you must configure it for your needs. To do so, open Performance Monitor. When Performance Monitor starts, select Alert from the View menu. At this point, select the Add To Alert command from the Edit menu. When you do, you'll see the Add To Alert dialog box, shown in Figure C.

Figure C: The Add To Alert dialog box enables you to configure the Alerter service to meet your needs.

The Add To Alert dialog box enables you to configure the Alerter service to meet your needs. As you can see in Figure C, this dialog box is divided into several sections. I'll discuss the most important sections of the Add To Alert dialog box.

Computer

The Computer section refers to the computer you're monitoring. The computer you're monitoring isn't necessarily the same computer from which you're running Performance Monitor. It's actually possible to monitor every server on your network from a single Windows NT Workstation. For the purposes of this article, I'll assume that you want to monitor the local machine.

Object

The Object section refers to the part of your computer that you want to monitor. For example, you can select options like Processor, Memory, and Logical Disk from the Object drop-down menu. It's important to point out that you're not restricted to monitoring only one type of object. You can monitor as many objects as you like.

Counter

For each object, there are several different counters. A counter is a measurable aspect of that object. For example, you couldn't just say, "keep an eye on the hard disk" to someone. They'd need to know what aspect of the hard disk you wanted them to watch. Did you want them to watch how much space is left, or maybe how many read and write attempts there are within a given length of time? Which partition do you want them to look at? These are the types of questions that you must answer for Performance Monitor via the Counter drop-down list. Granted, some of the counter names can be really cryptic. Fortunately, the Add To Alert dialog box includes an Explain button. Simply click the Explain button and Performance Monitor will provide you with an explanation of the selected counter, as shown in Figure D.

Figure D: You can use the Explain button to get an explanation of each counter.

Alert If

The Alert If section enables you to specify the threshold at which you want to be alerted. Each counter relates to a numerical value. When you specify a value in the Alert If section, the Alerter service will take action when that value is exceeded. You can also click the Under radio button, and the Alerter service will take action if the counter drops below the value you've specified.

Run Program on Alert

The Run Program On Alert section is probably the most valuable section in this dialog box. It's pointless for your computer to compare values all day if it can't react when the key value is reached. By specifying a program to run if the threshold value is reached, you can perform tasks to bring the counter in question back within the acceptable range.

You'll also notice the First Time and Every Time radio buttons. These buttons enable you to control whether the program you've specified should run only the first time the threshold value is reached, or every time.

More Parameters

Before we begin customizing counters, I should show you some other options that you need to set. Click the Cancel button on the Add To Alert dialog box. Now, select the Alert command from the Options menu. When you do, you'll see the Alert Options dialog box, shown in Figure E.

Figure E: The Alert Options dialog box enables you to configure global Alert options.

The Alert Options dialog box enables you to configure global Alert options. The first two options are pretty self-explanatory. Unless you have a compelling reason not to, it's a good idea to select the Switch To Alert View and the Log Event In Application Log check boxes. You should also consider sending a network alert, which generates a pop-up message on the computer of your choice. By doing so, you'll know when a threshold has been crossed, and you'll know that you should check and make sure things are okay. You should also increase the Periodic Update time. Otherwise, if a threshold is crossed, you'll receive a pop-up message every five seconds. This can cause additional problems because you'll be too busy clearing messages to fix the initial problem. Sending large numbers of messages can also negatively impact your server's performance. I recommend changing this setting to about ten or fifteen minutes. Keep in mind that this variable is measured in seconds, so be sure to multiply the number of minutes by sixty. When you're done, the Alert Options dialog box should look similar to the one shown in Figure F.

Figure F: The Alert Options dialog box should resemble this.

Managing Disk Space

When it comes to keeping your server online, keeping an eye on hard disk space is the most crucial aspect. To monitor disk space, go to the Add To Alert dialog box and select LogicalDisk. Next, select the %Free Space counter. This counter measures the percentage of disk space remaining on each partition. The value you should use depends on the size of your partition. For example, ten percent of a 2 GB partition is 200 MB, while ten percent of a 10 GB partition is 1 GB. Needless to say, 200 MB free is much more of a cause for alarm than 1 GB, unless you have some really disk-hungry applications.

Because the critical threshold differs depending on the size of your hard disk, you can set a different limit on each partition. In Figure G, I've set various limits on each partition, based on the partition size. You can see these limits at the bottom of the figure. I did this by entering the percentage of space in the Alert If section, selecting the appropriate partition from the Instance section, and clicking the Add button. Click the Done button when you're finished adding alerts.

Figure G: You can specify various thresholds depending on the size of the partition.

I mentioned earlier that you could run a program when an alert is triggered. For low disk space, you might set up a batch file that goes through various directories and deletes temporary files or other files that are no longer needed. If you've set up such a batch file, but continue to get the alert, it may be time to take other action, such as relocating a virtual memory file, or moving data to a different partition.

Managing Other Counters

Although disk space is a good example of a resource to monitor, there are plenty of other counters you can keep an eye on. Although you can set alerts on all of these counters, it doesn't necessarily mean that you should. For example, do you really want to be notified every time the disk queue length is longer than normal?

The reason for monitoring counters is that they can point to a possible larger problem. For example, according to Microsoft, if your disk queue length is consistently greater than two, you could probably use more memory, because the computer may be swapping information out to disk more often than normal, thus causing the disk queues to back up. If you set up an alert on the disk queues, you'd be getting alert messages for events that are far from critical.

You should also remember that it's not only possible, but also normal, for these counters to sometimes exceed the recommended limit. For example, according to Microsoft, if your average %PROCESSOR TIME exceeds 80 percent, you need a faster processor. However, you wouldn't want to set an alert on the 80 percent threshold, because you're only concerned about the average value. It's perfectly acceptable for this counter to occasionally hit the one hundred percent mark, as long as it doesn't stay there.
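The difference between alerting on a single reading and alerting on the average, as an added example that is not part of the original article. The readings are constructed, and the function names, the five-sample window and the re-arm rule are assumptions of this example, not Performance Monitor behavior.

```python
from collections import deque

# Constructed % Processor Time readings, one per sampling interval:
# isolated spikes early on, then a stretch where the CPU stays busy.
SAMPLES = [35, 100, 40, 30, 95, 25, 100, 45, 30,
           90, 92, 96, 100, 98, 94, 97, 40, 30]


def instantaneous_alerts(samples, threshold):
    """Indexes where a single reading is over the threshold (an 'Alert If Over' rule)."""
    return [i for i, value in enumerate(samples) if value > threshold]


def sustained_alerts(samples, threshold, window):
    """Indexes where the mean of the last `window` readings rises above the threshold.

    Fires once per episode and re-arms only after the rolling mean has
    dropped back to the threshold or below.
    """
    if window < 1:
        raise ValueError("window must be at least 1 sample")
    recent = deque(maxlen=window)
    total = 0
    armed = True
    fired = []
    for i, value in enumerate(samples):
        if len(recent) == window:
            total -= recent[0]      # oldest reading is about to fall out
        recent.append(value)
        total += value
        if len(recent) < window:
            continue                # not enough history for an average yet
        mean = total / window
        if mean <= threshold:
            armed = True
        elif armed:
            fired.append(i)
            armed = False
    return fired


if __name__ == "__main__":
    print("single-reading rule:", instantaneous_alerts(SAMPLES, 80))
    print("rolling-average rule:", sustained_alerts(SAMPLES, 80, 5))
```

On these readings the single-reading rule fires ten times, including on every harmless spike, while the rolling-average rule fires once, when the busy stretch has lasted long enough to pull the average over 80 percent.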

Sending an E-mail Message

Sending an e-mail message is beyond the capabilities of the Alerter service. However, if you're running Microsoft Exchange Server, there's a tool in the Microsoft Exchange Resource Kit that enables you to do this. The MAPISEND.EXE program enables you to send an e-mail message via the command line. Because each alert is capable of running a different batch file, you could create batch files designed to send an e-mail message with information about the alert. For example, you might create a batch file that sends a message like, "The C Partition on Server Titanium is down to 200 MB of free disk space." As I mentioned earlier, the disk space threshold is actually measured in percentage, but you should design the message to be meaningful. For example, if you were to get a message at 3:00 AM, would you want it to say, "The disk is down to 10 percent free space"? You'd probably be half-asleep and have to try to figure out which server it could be, which partition, and more importantly, how much space is 10 percent.

The MAPISEND utility is easy to use. There are some basic command line switches that you must provide along with your message. You can read all about the setup procedure and use of the MAPISEND tool in the Microsoft Exchange Resource Kit documentation, which is included in Microsoft's TechNet.

You may be wondering, "What's the use of sending an e-mail message at 3:00 AM if you're in bed asleep instead of checking your mail?" However, many pagers and cellular phones are capable of receiving e-mail messages. You could easily create a special mailbox that's reserved for critical messages, and have those messages forwarded to your pager. In fact, in a future article, I'll show you how you can make the server call you on the phone and verbally describe the alert condition to you.

Conclusion

In this article, I've discussed the Alerter service and why it's such a valuable networking tool. I've also examined how to make the most of the Alerter service's capabilities through batch files.

Brien M. Posey is an MCSE who works as a freelance writer. He also works as a systems engineer for the United States Department of Defense. You can contact him at Brien_Posey@xpressions.com. Due to the high volume of e-mail he receives, it's impossible for Brien to answer all letters, but he does read them all and responds when possible.
