Monitoring and Analysing System Events

Table of Contents

1. Monitoring and Analysing System Events
2. Event Viewer
3. System Monitor
4. Real-Time Monitoring
5. Logged Monitoring
   1. Counter Logs
   2. Trace Logs
   3. Alerts
6. Managing Software Updates and Site Licensing
7. Managing Servers Remotely
8. Monitoring File and Print Servers
9. Monitoring Application Performance
10. Managing a Web Server

Logged Monitoring

Performance Logs and Alerts is the other half of the Performance snap-in. It supports logged monitoring to log files larger than 1GB, up to the maximum supported file size for the file system on which the logs are stored. You can also append performance data onto existing log files.

Two new groups (installed by default) allow users to gather performance data for a computer without being members of the Administrators group. Each is a local group on standalone and domain member servers and a domain local group on domain controllers.

• Performance Log Users: members of this group have permission to manage and schedule logged performance counters, logs and alerts on the local server or on servers within the domain, both interactively (locally) and remotely.

• Performance Monitor Users: members of this group have permission to monitor performance counters, logs, and alerts on the local server or on servers within the domain, both interactively (locally) and remotely.

The Performance Logs and Alerts tool offers administrators three major benefits:

• The ability to record system performance data at specified intervals over time using counter logs

• A way of recording detailed system events after specific events occur using trace logs

• A configuration setting for being notified by the system when specific counters exceed certain preset thresholds using alerts

Counter logs let you collect data about a server's performance over time to establish a baseline of normal performance. You should collect baseline data during periods of regular activity, not during temporary periods of high or low usage.

Baselines can only be an effective barometer of average server performance under "normal" loads. Recording performance data during peak usage times does not create an accurate baseline reading. It might sometimes be interesting to record the system without users on it to know the minimum level of activity the system generates for replication traffic etc. This no-user baseline gives administrators another piece of information to use when considering upgrades.

You should create and use system performance baselines for future comparison purposes when you suspect that server performance has degraded over time. By comparing baseline readings with current performance results, you can quickly determine whether there is really a performance bottleneck or whether you might need additional hardware. Remember, if you change the server's hardware configuration, you need to re-establish a baseline.

Next: Counter Logs