Audit Collection Services Performance Counters
Updated: November 1, 2013
Applies To: System Center 2012 - Operations Manager, System Center 2012 R2 Operations Manager, System Center 2012 SP1 - Operations Manager
In System Center 2012 – Operations Manager, the Audit Collection Services (ACS) collector service includes two performance objects that have a total of 16 counters: the Collector object and the Collector Client object. The Collector object has 14 counters, and the Collector Client object has two counters. The counters in the Collector object record performance statistics from the perspective of the ACS collector. The Collector Client counters record performance statistics from the perspective of a single ACS forwarder.
Performance objects and counters are viewable in System Monitor, which is a part of Performance Console available in Windows Server products. For more information about monitoring performance and System Monitor, see System Monitor Overview.
The following table describes each counter in the Collector performance object. If the counter describes information that is added to a specific table in the ACS database, that table is defined in the counter description.
- Connected Clients
- The number of ACS forwarders currently connected to the ACS collector.
- Database Queue % Full
- The ratio of the number of events currently in the ACS database loader queue divided by the highest number of requests that the database loader queue has had. This ratio is expressed as a percentage.
- Database Queue Length
- The number of events currently in the database loader queue.
- DB Loader Events Inserts/sec
- The average number of records added, per second, to the dtEvent table in the ACS database, which contains event record entries.
- DB Loader Principal Inserts/sec
- The average number of records added, per second, to the dtPrincipal table in the ACS database, which contains information about the user and computer accounts that have access to the ACS components.
- DB Loader String Inserts/sec
- The average number of records added, per second, to the dtString table in the ACS database.
- DB Principal Cache Hit %
- The percentage of all handling requests that are serviced by the principal cache instead of the dtPrincipal table in the ACS database.
- DB Request Queue Length
- The number of requests from the ACS collector currently waiting to be serviced by the ACS database. These requests are used during forwarder handshake and during database maintenance. They are not part of normal event handling.
- DB String Cache Hit %
- The percentage of all handling requests that are serviced by the string cache, thereby avoiding a lookup in the dtString table in the ACS database.
- Event time in collector in milliseconds
- The amount of time, in milliseconds, between event arrival at the ACS collector and insertion into the ACS database queues.
- Incoming Events/sec
- The total number of events arriving, per second, at the collector from all connected ACS forwarders.
- Interface Audit Insertions/sec
- The number of event records, per second, sent by the collector to Windows Management Instrumentation (WMI) for forwarding to an application outside of ACS.
- Interface Queue Length
- The average number of requests waiting on WMI resources.
- Registered Queries
- The total number of subscription requests that WMI has received for ACS events since the ACS Collector service was last started.
Collector Client Object
The Collector Client performance object displays statistics about events that occur on a specified ACS forwarder. The ACS Collector Client performance object is installed on the ACS collector. If multiple ACS forwarders are connected to the ACS collector, multiple instances of the counter are displayed. In large environments with more than 100 ACS forwarders connected to an ACS collector, the Collector Client performance object, by default, displays the statistics of the ACS forwarders with the highest asset values. ACS forwarders that have the most audit events are assigned higher asset values to ensure their connections are prioritized over ACS forwarders with fewer events.
|Asset values are assigned automatically by the ACS collector. You can change the assigned asset values using AdtAdmin.exe and the \UpdForwarder parameter. For more information about the AdtAdmin.exe tool, see Audit Collection Services Administration (AdtAdmin.exe).|
The Collector Client performance object has two counters. The following table describes each of these counters.
- Average time between event generation
- The average amount of time, in milliseconds, from the creation of an event to the time the event arrives at the ACS collector.
- Incoming Audits/sec
- The total number of events sent to the ACS collector from the ACS forwarder.
TasksHow to Configure Certficates for ACS Collector and Forwarder
How to Enable Audit Collection Services (ACS) Forwarders
How to Enable Event Logging and ACS Rules on Solaris and AIX Computers
How to Filter ACS Events for UNIX and Linux Computers
How to Remove Audit Collection Services (ACS)
ConceptsCollecting Security Events Using Audit Collection Services in Operations Manager
Audit Collection Services Capacity Planning
Audit Collection Services Security
Monitoring Audit Collection Services Performance
Audit Collection Services Administration (AdtAdmin.exe)
For additional resources, see Information and Support for System Center 2012.
Tip: Use this query to find online documentation in the TechNet Library for System Center 2012. For instructions and examples, see Search the System Center 2012 Documentation Library.