Performance Modules
The Windows 2000 System Monitor tool can be used to view performance
statistics in real time. The Windows 2000 Performance Logs and Alerts tool
is used to monitor statistics over a given period of time. The Log files
recorded with Performance Logs and Alerts are actually viewed with the
System Monitor through the properties, source tab.
System Monitor
Objects
An object is a collection of various performance statistics that you can
monitor. Objects are based on various areas of system resources. There are
objects for the processor, memory, services, etc..
Counters
Counters are the actual parameters that are measured. They are specific items
that are grouped within objects. For example, within the processor object,
there is a counter for percent processor time.
Instances
Some counters will also have instances. An instance further identifies which
performance parameter the counter is measuring. An example is a server with
two CPUs. Which instance or CPU should the counter measure.
Memory-> Available Mbs x < 4Mbs
Memory-> Pages/sec x < 20
Paging File-> %Usage x > 99%
Processor-> %Processor Time x > 80%
Processor-> Interrupts/sec x > 3500
NIC->Bytes total/sec
NIC->Bytes sent/sec
NIC->Bytes received/sec
Network Segment/%Network Utilization and Server/Bytes total/sec
Network Segment/%Network Utilization and Server/Bytes sent/sec
Network Segment/%Network Utilization and Server/Bytes received/sec
IP Datagrams Outbound Discarded - lack of buffer space
IP Datagrams Received Discarded - lack of buffer space
IP Datagrams Outbound No Route - Misconfigured System?
Use sampling: 1 week @ 15min Intervals
Performance Logs and Alerts
To access Performance Logs and Alerts, from the Start Menu, Programs,
Administrative Tools, choose Performance.
Counter Logs:
Counter logs record performance statistics based on the various objects,
counters, and instances available in the System Monitor. The values are
updated based on a time interval setting and are saved to a log file.
Trace Logs:
Trace logs record performance information to files based on system events.
As opposed to counter logs, some information is better monitored on events
rather than a specified time frame.
Alerts:
Alerts monitor the standard objects, counters, and instances that are
available with the Windows 2000 Performance Monitoring tools. Alerts are
designed to take a specific action when performance statistic thresholds
are exceeded. System administrators can configure various events to occur
when an alert is generated. Alerts can: log an entry in the application
event log (Event Viewer), send a network message to a user or computer,
start a performance data log operation, or run a specific program or batch
file.
There are two logging methods used when saving performance information to
log files. Circular logging is a method where data that is stored
within a file is overwritten as new data is entered. Circular logging
conserves disk space by not allowing the log to grow continuously. It uses
the first-in first-out (FIFO) method. Linear Logging is a method
where data is never deleted from the log files, new log data is appended
to the log file. The log file grows continuously saving all historical log
information.
Performance measurements related to Windows NT 4 logons can be measured
from System Monitor. Choose the NTDS object with the NTLM Authentications
counter.
ppp.log
\WINNT\TRACING\PPP.LOG
\WINNT\SYSTEM32\CLIENTS\TSCLIENT\NET\