Setting up a monitoring configuration

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Setting up a monitoring configuration is the first step in evaluating your system's performance. To monitor your Windows Server 2003 family operating system, you can choose to view data in a graph or collect the data in log files for use in other applications.

Note

  • For best results, read the following sections for setting up your monitoring configuration. To get started quickly, however, you can use the predefined log settings under Counter Logs. These settings, named System Overview, are configured to create a binary log that, after manual startup, updates every 15 seconds and logs continuously until it achieves a maximum size. If you start logging with these settings, data is saved to the Perflogs folder on the root directory and includes the counters: Memory\Pages/sec, PhysicalDisk(_Total)\Avg. Disk Queue Length, and Processor(_Total)\% Processor Time.

Choosing the monitoring method

Graphs are useful for short-term, real-time monitoring of a local or remote computer--for example, when you want to observe a system event while it is happening. Choose the update interval to best capture the type of activity you are interested in. Logs are useful for record-keeping and for extended monitoring, especially of a remote computer; logged data can be exported for report generation and presented as graphs or histograms using System Monitor. Logging is the most practical way to monitor multiple computers.

Choosing how often to monitor

For routine monitoring, start by logging activity over 15-minute intervals. If you are monitoring for a specific problem, you might want to vary the interval. If you are monitoring the activity of a specific process at a specific time, set a frequent update interval; however, if you are monitoring a problem that manifests itself slowly, such as a memory leak, use a longer interval.

Also consider the overall length of time you want to monitor when choosing this interval. Updating every 15 seconds is reasonable if you plan to monitor for no more than four hours. If you plan to monitor a system for eight hours or more, set an interval longer than 300 seconds (five minutes). Setting the update interval to a frequent rate (low value) can cause the system to generate a large amount of data. This can be difficult to work with and can increase the overhead of running Performance Logs and Alerts.

Monitoring a large number of objects and counters can also generate large amounts of data and consume disk space. Try to strike a balance between the number of objects you monitor and the sampling frequency to keep log file size within manageable limits.

Choosing the data to monitor

Start by monitoring the activity of the following components in order:

  1. Memory

  2. Processors

  3. Disks

  4. Network

The following table shows the types of counters recommended for server monitoring. When examining specific resources, you should include other counters for the associated performance object.

| Component | Performance aspect being monitored | Counters to monitor |
|---|---|---|
| Disk | Usage | Physical Disk\Disk Reads/sec; Physical Disk\Disk Writes/sec; LogicalDisk\% Free Space. Interpret the % Disk Time counter carefully. Because the _Total instance of this counter may not accurately reflect utilization on multiple-disk systems, it is important to use the % Idle Time counter as well. Note that these counters cannot display a value exceeding 100%. |
| Disk | Bottlenecks | Physical Disk\Avg. Disk Queue Length (all instances) |
| Memory | Usage | Memory\Available Bytes; Memory\Cache Bytes |
| Memory | Bottlenecks or leaks | Memory\Pages/sec; Memory\Page Reads/sec; Memory\Transition Faults/sec; Memory\Pool Paged Bytes; Memory\Pool Nonpaged Bytes. Although not specifically Memory object counters, the following are also useful for memory analysis: Paging File\% Usage object (all instances); Cache\Data Map Hits %; Server\Pool Paged Bytes and Server\Pool Nonpaged Bytes |
| Network | Throughput | Protocol transmission counters (varies with networking protocol); for TCP/IP: Network Interface\Bytes total/sec; Network Interface\Packets/sec; Server\Bytes Total/sec or Server\Bytes Transmitted/sec and Server\Bytes Received/sec |
| Processor | Usage | Processor\% Processor Time (all instances) |
| Processor | Bottlenecks | System\Processor Queue Length (all instances); Processor\Interrupts/sec; System\Context switches/sec |

If some of the counters listed in the preceding table are not available on your computer, verify that you have installed the necessary services or activated the counters.

Choosing the computer to use for monitoring

When monitoring computers remotely, you have some options for collecting data. For example, you can run performance logging on the administrator's computer, drawing data continuously from each remote computer. Alternatively, you can have each computer run the service to collect data and, at regular intervals, run a batch program to transfer the data to the administrator's computer for analysis and archiving. Note that Performance Logs and Alerts allows you to specify, for a given log, a batch file that runs whenever a log file for that log is closed.

Centralized data collection (that is, collection on a local computer from remote computers that you are monitoring) is simple to implement because only one logging service is running. You can collect data from multiple systems into a single log file. It causes additional network traffic, however, and might be restricted by available memory on the administrator's computer. To do centralized data collection, use the Add Counters dialog box to select a remote computer while running Performance Logs and Alerts on your local computer.

Distributed data collection (that is, data collection that occurs on the remote computers that you are monitoring) does not incur the memory and network traffic problems of centralized collection. It does result in delayed availability of the data, however, requiring that the collected data be transferred to the administrator's computer for review. To do distributed data collection, use the Performance Logs and Alerts node within Computer Management on a local computer to select a remote computer on which to collect data.

Remote monitoring

If you plan to monitor remote computers, you must have the appropriate administrative credentials to gain access to them. In order to monitor remote systems from your computer, you must specify a Run as account that has access to the remote computer. The Run as option sets the account for the specified log or alert, not for the entire Performance Logs and Alerts service. By default, the service is started under the local computer's NTAuthority\NetworkService account, which generally has permission only to access services and resources on the local computer. To start the service under a different account, use the Run as option when configuring data collection, or use Services under Computer Management, and update the properties of the Performance Logs and Alerts service.
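The following batch script is an added example, not part of the original page: it sets up centralized collection of the three System Overview counters from one remote computer under a Run as account, using logman, the command-line interface to Performance Logs and Alerts included with Windows Server 2003. The computer name SERVER01, the account CORP\perfreader, the log name, and the 10 MB size limit are assumptions chosen for illustration.

```bat
@echo off
rem Added example: centralized counter log drawn from one remote computer.
rem SERVER01, CORP\perfreader, Central_Overview and the 10 MB limit are
rem placeholders (assumptions), not values from the page.
setlocal
set TARGET=SERVER01
set LOGNAME=Central_Overview
set RUNAS=CORP\perfreader

rem Same three counters as the predefined System Overview log, but read
rem from the remote computer by prefixing each path with \\computer.
rem Inside a batch file a literal percent sign must be written as %%.
rem -si 15      sample every 15 seconds (suits runs of four hours or less)
rem -f bin      binary log, as System Overview uses
rem -max 10     stop growing at 10 MB (assumed limit)
rem -u acct *   Run as account for this log only; * prompts for the
rem             password so it is not stored in the script or echoed
logman create counter %LOGNAME% ^
  -c "\\%TARGET%\Memory\Pages/sec" ^
     "\\%TARGET%\PhysicalDisk(_Total)\Avg. Disk Queue Length" ^
     "\\%TARGET%\Processor(_Total)\%% Processor Time" ^
  -si 15 -f bin -max 10 ^
  -o "%SystemDrive%\PerfLogs\%LOGNAME%" ^
  -u %RUNAS% *
if errorlevel 1 (
  echo Failed to create counter log %LOGNAME%.
  exit /b 1
)

rem Start collection, then list the stored settings to confirm the
rem counters, interval, output path and Run as account.
logman start %LOGNAME%
if errorlevel 1 exit /b 1
logman query %LOGNAME%
endlocal
```

For a run of eight hours or more, raise the `-si` value above 300 seconds, in line with the interval guidance earlier on this page.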

Keeping records of performance data

Performance Logs and Alerts provides you with the ability to log performance data to an SQL database. When you retain your logged data in a database, you can query the information and include it in reports. Using database analysis tools, you can query results and examine the results in detail using a variety of parameters. You can also use logs for trend analysis and capacity planning.

Exporting your monitoring configuration

After configuring the performance tools with the counters, update intervals, and other settings you want, you can save those settings on your local computer or for export to another computer. System Monitor settings are saved to the .msc file, while Performance Logs and Alerts settings are stored in the registry. If you save the settings under the name Perfmon.msc, note that you are permanently changing the configuration of the tools on the computer. Therefore, it is recommended that you save the file under another name. You can also save the settings for a single log or alert to an HTML file, which you can later use as a starting point to create new logs or alerts.

In addition to saving monitoring settings, you can add other tools or add multiple copies of System Monitor; for example, if you want to monitor graph and report views simultaneously. For information about adding tools to a console, see Create a custom monitoring console.