Thursday, April 24, 2014

1. Deploy, manage, and maintain servers 1.3 Monitor servers

1.3.1 Configure Data Collector Sets (DCS)
A DCS organizes performance counters, event traces, and system configuration data into a single object and allows Reports to be created for the DCS (found in the Reports menu under Performance in the left pane).

In Performance Monitor, in the left pane, expand Data Collector Sets. Right click the User Defined folder and choose New Data Collector Set. Choose Create from a template or Create manually. Choose a template if using templates. Save and close. Right click the DCS and choose Start.

Creating manually allows you to select Performance counter data collector, Event Trace data collector, Config Data collectors, and performance counter alerts.

Performance counter DC allows collection of various performance related counters
Event Trace DC allows you to collect certain debug type data from specific events
Config DCs allow monitoring of registry keys.
Performance Alerts monitor thresholds for performance counters.

In the properties for the parent DCS, you can configure a root directory, a schedule for the DCS to run, permissions, stop conditions, and a task to run when the DCS stops.
For each task in the DCS, there are also properties specific to the type of task. Except for the performance alert, the other types allow you to define a file to store the collected data in.

Once you run a DCS, you can look at the results in the Report tab menu.

1.3.2 Configure alerts
Performance alerts are notifications or tasks that are executed when a performance threshold is reached. Create a new DCS, choose Create manually, and select Performance Counter Alert. Add a performance counter to select which counter to watch. Choose Above or Below and set the limit value.

Now in the properties, we can set the interval under Alerts, or add/change/remove counters. Under "Alert Action", you can have the alert log an entry in the Application event log, or start another DCS. Under Alert Task, you can set a task to run when the alert is triggered.
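
The steps from 1.3.1 and 1.3.2 can also be done from the command line with logman, the built-in CLI for Data Collector Sets. This is an added example, not part of the original notes; the set names, counters, threshold and output path are assumptions chosen for illustration.

```powershell
# Added example; names, counters, threshold and paths are illustrative assumptions.
# Run in an elevated PowerShell session on the server being monitored.

$baseline = 'Baseline-Perf'     # hypothetical DCS name
$alert    = 'Alert-HighCpu'     # hypothetical alert DCS name
$counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\PhysicalDisk(_Total)\Avg. Disk Queue Length'
)

# Performance counter DCS: sample every 15 s, write CSV under C:\PerfLogs,
# and stop by itself after 10 minutes (a stop condition).
logman create counter $baseline -c $counters -si 00:00:15 -f csv `
    -o "C:\PerfLogs\$baseline" -rf 00:10:00
if ($LASTEXITCODE -ne 0) { throw "Could not create $baseline" }

# Performance counter alert: check every 30 s; when total CPU is above 90 %,
# log an event log entry (-el) and start the baseline DCS (-rdcs).
logman create alert $alert -th '\Processor(_Total)\% Processor Time>90' `
    -si 00:00:30 -el -rdcs $baseline
if ($LASTEXITCODE -ne 0) { throw "Could not create $alert" }

# Start the alert and show its configuration and status.
logman start $alert
logman query $alert
```

Both sets then appear under User Defined in Performance Monitor, where their properties can be reviewed as described above.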


1.3.3 Monitor real-time performance
Task Manager: from Run/command prompt use taskmgr, or right click the taskbar and choose Task Manager, or press Ctrl-Alt-Delete and choose Task Manager.

Processes tab lists the processes with Type, Status, Publisher, PID, Process Name, Command Line, CPU, Memory. Columns are selected by right clicking a column and checking/unchecking the ones you want to include.
Processes are grouped into Apps, Background processes, and Windows processes. You can expand an entry to see the process tree. Right click a process to End task, change the memory Resource values format, Create dump file, go to this process in the Details tab, Open file location to show the location, Search online (via Bing) to find out more information, or open Properties.

Performance tab shows CPU, Memory, and Ethernet stats.
CPU: right click the right pane and select "Change graph to" to switch between overall utilization and logical processors. It shows Utilization, Speed, Sockets/logical processors, VM capable, L1 cache, processes, threads, handles, and up time.

Memory shows In Use, Available, Committed, Cached, Paged pool, Non-paged pool, Slots used, Hardware reserved, and Max memory possible.

Ethernet shows Send/Receive, Adapter name, domain name, connection type, and IPv4 & IPv6 address. Right click and view network details for more information for all NICs on the system.

Users tab shows logged in users, their ID, session ID, client name, status, CPU, and memory. Right click a column to select which columns to display. You can expand each user to show their processes.

Details tab shows even more selectable columns for processes. I won't list them all here.

Services tab shows Name, PID, Description, Status, and Group for services. You can start, stop, restart services here. Or you can open up the services MMC for more detailed service configuration.


Resource Monitor
A more detailed tool that shows usages of resources by processes, services, files, etc.
Access it through Server Manager via Tools/Resource Monitor. Also in Control Panel/Administrative Tools. From the command line you can use either resmon or perfmon /res. Or launch from within Performance Monitor by right clicking Monitoring Tools and selecting Resource Monitor.

Overview allows you to see CPU, Disk, Network, and Memory stats for processes. You can select individual processes to see filtered information for the process or processes in each category. If you right click the columns you can select/unselect various columns in each category.

CPU tab gives you the same information as on Overview but also adds Services, Associated Handles, and Associated Modules. However, you must select a process or multiple processes to see their associated handles and associated modules. This will also filter the services that may be associated with the process(es) that have been selected. As in Overview, the columns are also customizable.

Memory tab shows same thing as memory under overview, but also includes a bar graph of overall physical memory usage.

Disk tab shows processes with disk activity as they access the disk in real time. It also shows the same overall disk activity information as the Overview page. There is also a section for logical disk storage. As on the other tabs, you can customize which columns are shown.

Network tab, like Disk tab, first shows you the processes that are accessing the network in real time. Then it has a section Network Activity that shows overall utilization like on the Overview tab. You can further see current TCP connections per process and Listening ports per process. This is filterable by selecting a process or multiple processes. Columns are customizable.


Performance Monitor
http://technet.microsoft.com/en-us/library/cc749249.aspx

Performance Monitor is in Server Manager/Tools. It is also found in Control Panel/Administrative Tools and from the command line as "perfmon". Perfmon can be used to monitor performance in a graph format, using counters for various aspects of performance. You can view real-time data but also historical data in a Line, Histogram bar, or Report format. You can also define Data Collector Sets (1.3.1) and their associated Reports here. You can also shortcut to the "Action Center/Reliability Monitor" by right clicking "Monitoring Tools" and selecting "View system reliability", or to the Resource Monitor by selecting "Resource Monitor".

To configure Perf mon, right click "performance monitor" and select properties. (You can also do some of this on the Perf mon toolbar) From here, you have the following tabs:

General: customize the graph view with "display elements". Change Report and histogram data to Min, Current, Default, Max, or Avg. Set sample frequency and how much will be graphed before redrawing. Sample automatically is the same as pausing the graph in the Toolbar.

Source allows you to set a source for historical performance data. You can choose log files or a database. Or you can go back to real-time data with "Current Activity".

Data shows which counters are currently active and allows customization.

Graph allows you to configure the graph views.

Appearance is for further display customization, including colors, fonts, borders, and separator.

The performance monitor toolbar includes options also found in the properties:
View current activity. View log data will take you to properties/Source to select a data source. The next icon allows you to choose which graph you want. The + icon adds counters. The X icon deletes counters. The "highlighter" icon highlights whichever counter is currently selected in the value bar.
The next icon copies properties as an ActiveX control that can be embedded into an IE compatible web page. The clipboard icon pastes a counter list from the clipboard. You can pause real-time update, and also manually refresh with the next icon.

1.3.4 Monitor virtual machines (VMs)
Hyper-V resource monitoring
Activated and viewed using PowerShell:
Enable-VMResourceMetering
Disable-VMResourceMetering
Reset-VMResourceMetering
Measure-VM

As outlined in 3.1.3 of 70-410, you can set up resource pools to monitor resources across multiple computers using:
New-VMResourcePool
Measure-VMResourcePool

Then, when you run Enable-VMResourceMetering, you can use the -ResourcePoolName switch:

Enable-VMResourceMetering -ResourcePoolName serverpool

1.3.5 Monitor events
Event Viewer
Run from Start/Administrative tools, or in Server Manager under Tools, or run eventvwr.msc

Multiple logs available:
Custom Views:
Create custom views using specific logs/sources, event levels, categories and keywords, logging period, and user/computers. Administrative Events is a default log that logs Critical, Error, Warning levels from all administrative event logs. There may be other default logs depending on the server roles installed.

Windows Logs:
Application: events from applications and programs
Security: events dealing with logins and resource/object access. Must enable auditing to log these events
Setup: application setup logs
System: system events such as boot and services
Forwarded Events: can store events from remote computers using event subscription. Not compatible with versions before Windows 7 or 2008.

Application and Services Logs: 
Logs specific to some applications and services.

Subscriptions:
see 1.3.6

Common Event fields (properties of an event):
Source: software/component that logged the event
Event ID: A specific event code
Level: Event severity (Information, Warning, Error, Critical, Success Audit, Failure Audit)
User, Computer:
Logged date/time
Task Category
Keywords
Opcode

Filtering events:
Right click the log and select Filter Current Log. This is similar to setting up a custom log. You can configure the same fields, except that the "By log" field is set to the log you are filtering.

Attaching a task to an event:
You can choose to attach a task to a log or to a specific event.
Right click the log and select Attach a Task To this Log. Any event logged in this log will trigger the task.
Right click a specific event and choose Attach Task To This Event. The task will only trigger on this event.
Under Action, choose "Start a program".

Extra Note: With "attaching a task to an event", you may see the actions Send an e-mail (deprecated) and Display a message (deprecated). MS plans to remove these and seems to be encouraging people to do these functions via PowerShell. In my version they are still selectable but I didn't bother to test them out.
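
The filtering and task attachment described in this section can also be done from PowerShell. The following is an added example, not part of the original notes: it filters the Security log for failed logons (event ID 4625, which requires logon auditing to be enabled) and attaches a task to that event. The task name and the script path C:\Scripts\Notify-FailedLogon.ps1 are hypothetical.

```powershell
# Added example; task name and script path are hypothetical placeholders.
# Run elevated: reading the Security log requires administrative rights.

function Get-FailedLogonSummary {
    param(
        [int]$Hours = 24,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # Same fields as "Filter Current Log": log, event ID, time range.
    $filter = @{
        LogName   = 'Security'
        Id        = 4625                          # failed logon
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            # EventData holds the named fields shown on the event's Details tab.
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time    = $evt.TimeCreated
                Account = $data['TargetUserName']
                Source  = $data['IpAddress']
            }
        } |
        Group-Object Account, Source |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Which accounts failed to log on in the last day, and from where.
Get-FailedLogonSummary -Hours 24

# Equivalent of "Attach Task To This Event" with the "Start a program" action:
# an event-triggered scheduled task using the same XPath filter.
schtasks /Create /TN 'Notify-FailedLogon' /SC ONEVENT /EC Security `
    /MO '*[System[(EventID=4625)]]' /RU SYSTEM `
    /TR 'powershell.exe -NoProfile -File C:\Scripts\Notify-FailedLogon.ps1'
```

A task attached this way fires once per matching event, so the started program should be quick and should tolerate bursts of failed logons.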

1.3.6 Configure event subscriptions
Event Viewer subscriptions
Set up forwarding computers and a collecting computer. The forwarders send events to the collector, which places the events in the Forwarded Events log.
Note: You may need to run the winrm quickconfig command to set up remote monitoring. You may also need to add the collector computer to the Administrators group of the forwarding computers if you select Machine Account as the subscription's user account.

Subscription types:
Collector initiated: collector contacts source(forwarder) computers and provides subscription
Source initiated: source(forwarder) computers contact collector and receive subscription. Must be configured through policy or local config on the source computers.

You can filter the events to be subscribed to. You can also click Advanced and set up bandwidth management for the event subscription, as well as choose HTTP or HTTPS.
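
A collector-initiated subscription can also be created from the command line with wecutil. This is an added example, not part of the original notes; the subscription name, the source computer srv1.example.test and the event filter are assumptions for illustration. The XML elements map to the dialog options described above.

```powershell
# Added example; subscription ID, source host and file path are hypothetical.
# On each forwarder (elevated):  winrm quickconfig
# On the collector (elevated), configure the Windows Event Collector service:
wecutil qc /q

$subId = 'Failed-Logons'                 # hypothetical subscription name
$xml = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$subId</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Failed logons from member servers</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <!-- Advanced, bandwidth management: Normal, MinBandwidth or MinLatency -->
  <ConfigurationMode>Normal</ConfigurationMode>
  <!-- The event filter, in the XPath form Event Viewer builds -->
  <Query><![CDATA[<QueryList><Query Path="Security">
    <Select>*[System[(EventID=4625)]]</Select></Query></QueryList>]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <!-- Advanced, protocol: HTTP or HTTPS -->
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- Default with no user name: the collector uses its machine account -->
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true"><Address>srv1.example.test</Address></EventSource>
  </EventSources>
</Subscription>
"@
$path = Join-Path $env:TEMP "$subId.xml"
Set-Content -Path $path -Value $xml -Encoding ASCII

wecutil cs $path                         # create the subscription
if ($LASTEXITCODE -ne 0) { throw "wecutil cs failed for $subId" }
wecutil gr $subId                        # runtime status per source computer
```

If wecutil gr reports an access error for a source, check the group membership mentioned in the note above; forwarding over HTTPS additionally requires an HTTPS WinRM listener with a certificate on each source.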

1.3.7 Configure network monitoring
Various tools for monitoring a network connection: ping, nslookup, tracert, arp, ipconfig, netstat.

Packet sniffers (protocol analyzers): I personally use Wireshark but MS offers one called Microsoft Network Monitor. This GUI-based tool also has a command line tool called nmcap. You can also capture network traces using netsh trace.

1.3.8 (R2) Schedule performance monitoring
Data Collector Sets can be scheduled in properties. Click on Schedule tab for the DCS, and Add Schedule. Set the range of dates that this DCS will be run, or just set a beginning date with no expiration. Set the Start/Launch time. Choose which days of the week this DCS will run on.
