Performance and Reliability Monitoring Getting Started Guide for Windows Server 2008
Applies To: Windows Server 2008
Windows Server® 2008 includes Windows Reliability and Performance Monitor, which is a Microsoft Management Console (MMC) snap-in that combines the functionality of previous stand-alone tools including Performance Logs and Alerts, Server Performance Advisor, and System Monitor. It provides a graphical interface for customizing Data Collector Sets and Event Trace Sessions.
It also includes Reliability Monitor, an MMC snap-in that tracks changes to the system and compares them to changes in system stability, providing a graphical view of their relationship.
What is performance and reliability monitoring?
In general terms, performance is the measure of how quickly a computer completes application and system tasks. Overall system performance might be limited by the access speed of the physical hard disks, the amount of memory available to all running processes, the top speed of the processor, or the maximum throughput of the network interfaces.
After identifying hardware performance limitations, IT professionals can monitor individual applications and processes to assess how much of the available resources they use. IT professionals can use a comprehensive analysis of performance of both application impact and overall capacity to help plan for deployment and grow system capacity with increasing demands.
Windows Reliability and Performance Monitor enables you to track the performance impact of applications and services, and to generate alerts or take action when user-defined thresholds for optimum performance are exceeded.
The reliability of a system is the measure of how often the system operates as it is configured and expected to perform. Reliability can be reduced when applications stop responding, services stop and restart, drivers fail to initialize, or in the worst case, when operating systems fail.
Reliability Monitor provides you with a quick, visual view of the average stability of your system. In addition, it tracks events that will help you identify what causes reductions in reliability. By recording not only failures (including memory, hard disk, application, and operating system failures), but also key events regarding the configuration of your system (including the installation of new applications and operating system updates), you can see a timeline of changes in both the system and reliability, and can identify how to get your system back to optimal reliability when it does not behave as expected.
What's new in performance and reliability monitoring?
Key new features for monitoring performance and reliability in Windows Server 2008 include the following.
Data Collector Sets
An important new feature in Windows Reliability and Performance Monitor is the Data Collector Set, which groups data collectors into reusable elements for use with different performance monitoring scenarios. Once a group of data collectors is stored as a Data Collector Set, operations such as scheduling can be applied to the entire set through a single property change. You can schedule repeated collection of a Data Collector Set to create logs, load it in Performance Monitor to see the data in real time, and save it as a template to use on other computers.
Windows Reliability and Performance Monitor also includes default Data Collector Set templates to help you begin collecting performance data immediately.
Wizards and templates for creating logs
You can now add counters to log files and schedule their start, stop, and duration through a wizard interface. In addition, if you save this configuration as a template, you can collect the same log on subsequent computers without repeating the data collector selection and scheduling processes. Performance Logs and Alerts features have been incorporated into the Windows Reliability and Performance Monitor for use with any Data Collector Set.
Resource View
The new Resource View screen provides a real-time graphical overview of CPU, disk, network, and memory usage. By expanding each of these monitored elements, you can identify which processes are using which resources. In previous versions of Windows, this real-time, process-specific data was only available in limited form in Task Manager.
Reliability Monitor
Reliability Monitor calculates a System Stability Index that reflects whether unexpected problems reduced the reliability of the system. A graph of the Stability Index over time quickly identifies dates when problems began to occur. The accompanying System Stability Report provides details to help troubleshoot the root cause of reduced reliability. By viewing changes to the system (installation or removal of applications and updates to the operating system) side by side with failures (application, operating system, or hardware failures), you can develop a strategy for addressing the issues quickly.
Unified property configuration for all data collection, including scheduling
Whether you create a Data Collector Set for one-time use or to log activity on an ongoing basis, the interface for creation, scheduling, and modification is the same. If a Data Collector Set proves to be useful for future performance monitoring, you do not need to recreate it. You can reconfigure or copy it as a template.
User-friendly diagnosis reports
Users of Server Performance Advisor in Windows Server 2003 can now find the same kinds of diagnosis reports in Windows Reliability and Performance Monitor in Windows Server 2008. You can generate reports more quickly and can generate reports from data collected using any Data Collector Set. This allows you to repeat reports and assess how recommended changes have affected performance or modified the report recommendations. Windows Reliability and Performance Monitor also includes preconfigured performance and diagnosis reports for quick analysis and troubleshooting.
Who should use Windows Reliability and Performance Monitor
This guide is intended for the following audiences:
IT planners and analysts who are evaluating the product.
Enterprise IT planners and designers.
Early product adopters.
Benefits of Windows Reliability and Performance Monitor
The most significant advantage of Windows Reliability and Performance Monitor over previous individual tools like System Monitor, Performance Logs and Alerts, and Server Performance Advisor is that it combines the functionality of those tools into a single interface with common methods for defining the data to be collected. The Data Collector Set makes a group of counters portable.
Resource View in Windows Reliability and Performance Monitor provides a much more in-depth view of system activity and resource usage than previous tools like Task Manager. The ability to view resource usage by process helps you identify problem applications quickly, isolate and shut down resource-intensive processes, and plan for the distribution of server roles and applications across multiple servers as infrastructure grows.
Reliability Monitor helps you to quickly diagnose potential causes of instability so that you can apply rollback scenarios or updates in a targeted manner, rather than attempting a broad-spectrum update or reconfiguration in response to sudden changes in system behavior.
In this guide
The following are key scenarios for monitoring performance and reliability:
Scenario 1: Monitoring general system activity using Resource View
Scenario 2: Monitoring specific system activity using Performance Monitor
Scenario 3: Create a Data Collector Set from Performance Monitor
Scenario 4: Create and schedule logs from a Data Collector Set
Scenario 5: View log data in Performance Monitor
Scenario 6: View a diagnosis report
Scenario 7: View system stability with Reliability Monitor
Before you begin
The Performance Log Users group is a built-in group in Windows Server 2008 that is intended to allow users who are not local Administrators to perform many of the functions related to performance monitoring and logging. Due to Windows Management Instrumentation (WMI) requirements, in order for members of the Performance Log Users group to initiate data logging or modify Data Collector Sets, the group must first be assigned the Log on as a batch job user right. To assign this user right, use the Local Security Policy snap-in in Microsoft Management Console.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To assign the "Log on as a batch job" user right to the Performance Log Users group
Click Start, click in the Search box, type secpol.msc, and press ENTER. The Local Security Policy snap-in will open in Microsoft Management Console.
In the navigation pane, expand Local Policies and click User Rights Assignment.
In the console pane, right-click Log on as a batch job and click Properties.
In the Properties page, click Add User or Group.
In the Select Users or Groups dialog box, click Object Types. Select Groups in the Object Types dialog box and click OK.
Type Performance Log Users in the Select Users or Groups dialog box and then click OK.
In the properties page, click OK.
Starting Windows Reliability and Performance Monitor
You can use the Computer Management snap-in in Microsoft Management Console to access Windows Reliability and Performance Monitor.
To start Windows Reliability and Performance Monitor
Click Start, right-click Computer, and click Manage.
In the Microsoft Management Console navigation tree, click Reliability and Performance.
Key scenarios for monitoring performance and reliability
This guide discusses six scenarios for using Windows Reliability and Performance Monitor. Completing the scenarios will help you understand how the new tools work together, and how the tools can assist you in monitoring your system.
Scenario 1: Monitoring general system activity using Resource View
Overview: Monitoring general system activity using Resource View
The home page of Windows Reliability and Performance Monitor is the Resource View page. When you run Windows Reliability and Performance Monitor as a member of the local Administrators group, you can monitor the usage and performance of the following resources in real time: CPU, Disk, Network and Memory. More detail, including information about which processes are using which resources, is available by expanding the four resources.
In this task, you will become familiar with the information available in Resource View.
Prerequisites for monitoring general system activity using Resource View
To complete this task, ensure that you meet the following requirements:
Windows Server 2008 is installed.
You are logged on as a member of the local Administrators group.
Known issues for monitoring general system activity using Resource View
Resource View displays information from the Windows Kernel Trace provider session. In order to use this provider, you must either be logged on as a member of the local Administrators group or have started Windows Reliability and Performance Monitor with elevated privileges.
If you run Windows Reliability and Performance Monitor with insufficient credentials, the Resource View page will not show current system information. If you click the Start button (the green arrow in the toolbar), you will see the following message:
The Windows Kernel Trace provider is already in use by another trace session. Taking control of it may cause the current owner to stop functioning properly.
If you select Take control of the session, access will be denied. You must log on as a member of the local Administrators group, or follow the instructions in the following procedure to run Windows Reliability and Performance Monitor with elevated privileges.
To start Windows Reliability and Performance Monitor with elevated privileges
Click Start, click All Programs, click Accessories, right-click Command Prompt, and click Run as Administrator.
Enter the user name and password of an account that is a member of the local Administrators group.
At the command prompt, type perfmon.exe and press ENTER. Windows Reliability and Performance Monitor will start in the Resource View page.
Note
You can also start Resource View in its own window by typing perfmon /res at a command prompt.
Steps for monitoring general system activity using Resource View
To begin exploring Resource View, start Windows Reliability and Performance Monitor.
Four scrolling graphs in the Resource Overview pane display the real-time usage of CPU, Disk, Network, and Memory on the local computer. Four expandable sections below the graphs contain process-level detail about each resource. Click the resource labels to see more information, or click a graph to expand its corresponding details.
Resource View navigation
You can change how information is displayed in Resource View with the following actions:
Action | Procedure |
---|---|
Sort columns by value |
Click the column header label to sort in ascending order. Click the column header label a second time to sort in descending order. |
Highlight an application instance |
Click anywhere in the application instance row to keep highlighting when the application instance position in the display changes. |
Resource View details
The following tables describe the information shown in the Resource View detail screens.
Label | Description | ||
---|---|---|---|
CPU |
CPU displays the total percentage of CPU capacity currently in use in green, and displays the CPU Maximum Frequency in blue.
|
||
|
The application that is using CPU resources. |
||
|
The process ID of the application instance. |
||
|
The name of the application. |
||
|
The number of threads that are currently active from the application instance. |
||
|
The CPU cycles that are currently active from the application instance. |
||
|
The average CPU load over the last 60 seconds resulting from the application instance, expressed as a percentage of the total capacity of the CPU. |
Label | Description |
---|---|
Disk |
Disk displays the total current I/O in green, and displays the highest active time percentage in blue. |
|
The application that is using disk resources. |
|
The process ID of the application instance. |
|
The file that is being read and/or written by the application instance. |
|
The current speed (in Bytes/min.) at which data is being read from the file by the application instance. |
|
The current speed (in Bytes/min.) at which data is being written to the file by the application. |
|
The priority of the I/O task for the application. |
|
The response time in milliseconds for the disk activity. |
Label | Description |
---|---|
Network |
Network displays the current total network traffic (in Kbps) in green and displays the percentage of network capacity in use in blue. |
|
The application that is using Network resources. |
|
The process ID of the application instance. |
|
The network address with which the local computer is exchanging information. This may be expressed as a computer name, as an IP address, or as a fully qualified domain name (FQDN). |
|
The amount of data (in Bytes/min.) that the application instance is currently sending from the local computer to the address. |
|
The amount of data (in Bytes/min.) that the application instance is currently receiving from the address. |
|
The total bandwidth (in Bytes/min.) that is currently being sent and received by the application instance. |
Label | Description | ||
---|---|---|---|
Memory |
Memory displays the current hard faults per second in green and displays the percentage of physical memory currently in use in blue. |
||
|
The application that is using memory resources. |
||
|
The process ID of the application instance. |
||
|
The number of hard faults per minute that are currently resulting from the application instance.
|
||
|
The number of kilobytes that are currently residing in memory for the application instance. |
||
|
The number of kilobytes of the application instance working set that may be available for other applications to use. |
||
|
The number of kilobytes of the application instance working set that is dedicated to the process. |
Scenario 2: Monitoring specific system activity using Performance Monitor
Overview: Monitoring specific system activity using Performance Monitor
Performance Monitor provides a visual display of built-in Windows performance counters, either in real time or as a way to review historical data. You can add performance counters to Performance Monitor by dragging and dropping, or by creating custom Data Collector Sets. It features multiple graph views to enable you to visually review performance log data, as well as custom views that can be exported as Data Collector Sets for use with performance and logging features.
In this task, you will add performance counters to the Performance Monitor display, observe them in real time, and learn how to pause the Performance Monitor display to examine current system status.
Prerequisites for monitoring specific system activity using Performance Monitor
To complete this task, ensure that you meet the following requirements:
Windows Server 2008 is installed.
You are logged on as a member of the local Administrators group, or you are logged on as a member of the Performance Log Users group and have completed the procedure to grant the Log on as a batch job user right to the Performance Log Users group.
Steps for monitoring specific system activity using Performance Monitor
To begin using Performance Monitor, start Windows Reliability and Performance Monitor.
To start Performance Monitor
Start Windows Reliability and Performance Monitor.
In the navigation tree, expand Reliability and Performance, expand Monitoring Tools, and click Performance Monitor.
Performance Monitor enables you to add specific performance counters to the current view.
To add counters to the current Performance Monitor view
In the menu bar above the Performance Monitor graph display, either click the Add button (+) or right-click anywhere in the graph and click Add counters from the menu. The Add Counters dialog box opens.
In the Available Counters section, select counters to view in the Performance Monitor display. The following counters are suggested for this example:
Memory: % Committed Bytes In Use
Memory: Page Faults/sec
PhysicalDisk: Disk Read Bytes/sec
PhysicalDisk: Disk Reads/sec
PhysicalDisk: Disk Write Bytes/sec
PhysicalDisk: Disk Writes/sec
Processor: % Idle Time
Processor: Interrupts/sec
System: Threads
See Navigating the Add Counters dialog box for more information.
When you are finished selecting counters, click OK.
Navigating the Add Counters dialog box
This table describes how to perform common tasks in the Add Counters dialog box.
Task | Procedure | ||
---|---|---|---|
Choose the source computer for counters |
Select a computer from the drop-down list or click Browse to find other computers. You can add counters from the local computer or another computer on the network to which you have access.
|
||
Display a description of the selected counter group |
Select Show description in the lower left corner of the page. The description will update as you select other groups. |
||
Add a group of counters |
Highlight the group name and click Add. Note After highlighting a group name, you can click the down arrow to view included counters. If you highlight a single counter from the list before clicking Add, only that counter will be added.
|
||
Add individual counters |
Expand the group by clicking the down arrow, highlight the counter, and click Add. Note You can select multiple counters from a group by holding down the CTRL key and clicking the names in the list. When you have selected all of the counters that you want to add from that group, click Add.
|
||
Search for instances of a counter |
Highlight the counter group or expand the group and highlight the counter you want to add, type the process name in the drop-down below the Instances of selected object box, and click Search. The process name that you type will be available in the drop-down list to repeat the search with other counters. If no results are returned and you want to clear your search, you must highlight another group. If there are not multiple instances of a counter group or counter, the search function will not be available. |
||
Add only certain instances of a counter |
Highlight a counter group or counter in the list, select the process you want from the list that appears in the Instances of selected object box, and click Add. Multiple processes can create the same counter, but choosing an instance will collect only those counters produced by the selected process. Note Unless you select a specific instance, all instances of a counter are collected.
|
Once you have added counters to the Performance Monitor display, you can change the view to help you identify information that you are looking for.
To monitor current system activity from selected counters in Performance Monitor
The default display for Performance Monitor is the Line graph. In this display, two minutes of data appear in a rolling format from left to right, labeled along the X axis. This enables you to observe changes in each counter's activity compared with previous behavior over a short period of time. Hover the mouse pointer over a line in the graph to see details for the counter the line represents.
Change the display for the current set of data collectors using the drop-down menu on the toolbar. The Histogram bar displays information in real time, allowing you to observe changes in each counter's activity.
The Report display shows current values for each selected counter in text format.
Below the display, each counter is listed in a legend with the color of the graph line, its Scale, the Counter, the Instance (in this example, all instances are selected), the Parent (not applicable when all instances are selected), the Object, and the Computer.
You can select or clear the check box in each row to toggle whether the counter appears in the current display without removing the counter from the list.
Selecting a row in the legend displays specific information about the counter in the area above the legend.
While a row is selected in the legend, click the Highlight button on the toolbar to highlight that counter in the graph. To return to normal display, click the Highlight button again.
To change the properties of how the counter is displayed, right-click the row in the legend and select Properties from the context menu. The Performance Monitor Properties page will open on the Data tab. Use the drop-down menus to choose your preferences.
To freeze the display in order to examine current activity, click the Stop button on the toolbar. To resume observation from the point at which the display was stopped, click the Play button on the toolbar. To move through the data in collection time increments, click the Forward button on the toolbar.
Freezing the display in the Line graph will change the amount of time included in the X axis when observation is resumed.
Note
When finished with this task, do not close Windows Reliability and Performance Monitor. The data collectors in the Performance Monitor view will be used in the next scenario.
Scenario 3: Create a Data Collector Set from Performance Monitor
Overview: Creating a Data Collector Set from Performance Monitor
Real-time viewing of data collectors is just one way to use Performance Monitor. Once you have created a combination of data collectors that show you useful information about your system in real time, you can save them as a Data Collector Set, which is the building block of performance monitoring and reporting in Windows Reliability and Performance Monitor. It organizes multiple data collection points into a single component that can be used to review or log performance.
In this task, you will create a Data Collector Set from counters that are selected in the real-time Performance Monitor view.
Prerequisites for creating a Data Collector Set from Performance Monitor
To complete this task, ensure that you meet the following requirements:
Windows Server 2008 is installed.
You are logged on as a member of the local Administrators group, or you are logged on as a member of the Performance Log Users group and have completed the procedure to grant the Log on as a batch job user right to the Performance Log Users group.
Windows Reliability and Performance Monitor is running.
At least one data collector is selected for display in Performance Monitor.
Known issues for creating a Data Collector Set from Performance Monitor
In order to use the Windows Kernel Trace provider, you must be logged on as a member of the local Administrators group. However, many other data collectors including the ones listed in the previous example are accessible to members of the Performance Log Users group.
Steps for creating a Data Collector Set from Performance Monitor
To create a Data Collector Set from Performance Monitor
Begin with the display of counters from the previous procedure. If you no longer have these settings, start Performance Monitor and add counters to create a custom view you want to save as a Data Collector Set.
Right-click anywhere in the Performance Monitor display pane, point to New, and click Data Collector Set. The Create New Data Collector Set Wizard starts. The Data Collector Set created will contain all of the data collectors selected in the current Performance Monitor view.
Type a name for your Data Collector Set and click Next.
The Root Directory will contain data collected by the Data Collector Set. Change this setting if you want to store your Data Collector Set data in a different location than the default. Browse to and select the directory, or type the directory name.
Note
If you enter the directory name manually, you must not enter a back slash at the end of the directory name.
Click Next to define a user for the Data Collector Set to run as, or click Finish to save the current settings and exit.
After clicking Next,you can configure the Data Collector Set to run as a specific user. Click the Change button to enter the user name and password for a different user than the default listed.
Note
If you are a member of the Performance Log Users group, you must configure Data Collector Sets that you create to run under your own credentials.
Click Finish to return to Windows Reliability and Performance Monitor.
To view the properties of the Data Collector Set or make additional changes, select Open properties for this data collector set. You can get more information about the properties of Data Collector Sets by clicking the Help button in the Properties page.
To start the Data Collector Set immediately (and begin saving data to the location specified in Step 4), click Start this data collector set now.
To save the Data Collector Set without starting collection, click Save and close.
Scenario 4: Create and schedule logs from a Data Collector Set
Overview: Create and schedule logs from a Data Collector Set
Once you have chosen data collectors that provide you with meaningful information about your system performance, you can store the data as logs for later review.
Note
Log files created from Data Collector Sets in Windows Server 2008 are not backward-compatible with earlier versions of Windows. However, logs created in earlier versions of Windows can be viewed in Windows Server 2008.
Prerequisites for creating logs from a Data Collector Set
To complete this task, ensure that you meet the following requirements:
Windows Server 2008 is installed.
You are logged on as a member of the local Administrators group, or you are logged on as a member of the Performance Log Users group and have completed the procedure to grant the Log on as a batch job user right to the Performance Log Users group.
Windows Reliability and Performance Monitor is running.
At least one Data Collector Set has been created and saved (you can use the Data Collector Set that you created in Scenario 3).
Steps for creating logs from a Data Collector Set
By default, a Data Collector Set generates a log file. After creating a Data Collector Set, you can use the Data Management procedures to configure the storage options for each Data Collector Set to include information about the log in the file name, choose to overwrite or append data, and limit the file size of individual logs.
To schedule the Start condition for a Data Collector Set
In Windows Reliability and Performance Monitor, expand Data Collector Sets and click User Defined.
In the console pane, right-click the name of the Data Collector Set that you want to schedule and click Properties.
Click the Schedule tab.
Click Add to create a start date, time, or day for data collection. When configuring a new data collector set, ensure that this date is after the current date and time.
If you do not want to collect new data after a certain date, select Expiration date and choose a date from the calendar.
Note
Selecting an expiration date will not stop data collection in progress on that date. It will prevent new instances of data collection from starting after the expiration date. You must use the Stop Condition tab to configure how data collection is stopped.
- When finished, click OK.
To schedule the Stop condition for a Data Collector Set
In Windows Reliability and Performance Monitor, expand Data Collector Sets and click User Defined.
In the console pane, right-click the name of the Data Collector Set that you want to schedule and click Properties.
Click the Stop Condition tab.
To stop collecting data after a period of time, select the Overall duration check box and choose the quantity and units. Note that your overall duration must be longer than the interval at which data is sampled in order to see any data in the report. Do not select an overall duration if you want to collect data indefinitely.
Use limits to segment data collection into separate logs by selecting the When a limit is reached, restart the data collector set check box. If both limit types are selected, data collection will stop or restart when the first limit is reached.
Select Duration to configure a time period for data collection to write to a single log file.
Select Maximum Size to restart the Data Collector Set or to stop collecting data when the log file reaches the limit.
Note
If an overall duration is configured, it will override limits.
If you have configured an overall duration, you can click the Stop when all data collectors have finished check box to allow all data collectors to finish recording the most recent values before the Data Collector Set is stopped.
When finished, click OK.
Important
Larger log files result in longer report generation times. If you review your logs frequently to see recent data, we recommend that you use limits to automatically segment your logs. You can use the relog command to segment long log files or combine multiple short log files. For more information about the relog command, type relog /? at a command prompt.
After you have saved the properties for your schedule, the display in the snap-in window changes to show the name of the log, the type of data the log collects, and the output directory and file name where the log is stored. You can double-click the name of the log to add or remove data collectors from it or change the file name, name format, and whether the log overwrites or appends when the data collector is restarted.
Important
Report generation time increases with the size of the log file created by the Data Collector Set. If you review your logs frequently to see recent data, we recommend that you use limits to automatically segment your logs. You can use the relog command to segment long log files or combine multiple short log files.
Next, you can configure how data is archived for the Data Collector Set.
To configure data management for a Data Collector Set
In Windows Reliability and Performance Monitor, expand Data Collector Sets and click User Defined.
In the console pane, right-click the name of the Data Collector Set that you want to configure and click Data Manager.
On the Data Manager tab, you can accept the default values or make changes according to your data retention policy. See the Data Manager properties table for details on each option.
When the Minimum free disk or Maximum folders check box is selected, previous data will be deleted according to the Resource policy you choose (Delete largest or Delete oldest) when the limit is reached.
When the Apply policy before the data collector set starts check box is selected, previous data will be deleted according to your selections before the Data Collector Set creates its next log file.
When the Maximum root path size check box is selected, previous data will be deleted according to your selections when the root log folder size limit is reached.
Click the Actions tab. You can accept the default values or make changes. See the Actions properties table for details on each option.
Note
Folder actions allow you to choose how data is archived before it is permanently deleted. You may decide to disable the Data Manager limits in favor of managing all data according to these folder action rules.
- When you have finished making your changes, click OK.
Data Manager properties
The following table explains the options that you can configure on the Data Manager tab of the Properties dialog box (accessed by right-clicking the Data Collector Set and clicking Data Manager).
Option | Definition |
---|---|
Minimum free disk |
The amount of disk space that must be available on the drive where log data is stored. If selected, previous data will be deleted according to the Resource policy that you choose when the limit is reached. |
Maximum folders |
The number of subfolders that can be in the Data Collector Set data directory. If selected, previous data will be deleted according to the Resource policy that you choose when the limit is reached. |
Resource policy |
Specifies whether to delete the oldest or largest log file or directory when limits are reached. |
Maximum root path size |
The maximum size of the data directory for the Data Collector Set, including all subfolders. If selected, this maximum path size overrides the Minimum free disk and Maximum folders limits, and previous data will be deleted according to the Resource policy that you choose when the limit is reached. |
Actions properties
The following table explains the options that you can configure on the Actions tab of the Properties dialog box (accessed by right-clicking the Data Collector Set and clicking Data Manager).
Option | Definition |
---|---|
Age |
The age in days or weeks of the data file. If the value is 0, the criterion is not used. |
Size |
The size in megabytes (MB) of the folder where log data is stored. If the value is 0, the criterion is not used. |
Cab |
A cabinet (.cab) file, which is an archive file format. These files can be created from raw log data and extracted later when needed. Choose create or delete to take action based on the age or size criteria. |
Data |
Raw log data collected by the Data Collector Set. Log data can be deleted after a .cab file is created to save disk space while still retaining a backup of the original data. |
Report |
The report file generated by Windows Reliability and Performance Monitor from raw log data. Report files can be retained even after the raw data or .cab file has been deleted. |
Scenario 5: View log data in Performance Monitor
Overview: View log data in Performance Monitor
You can view previously collected logs in Windows Reliability and Performance Monitor as reports or as Performance Monitor data.
In this task you will learn how to open log data in the Performance Monitor display. All of the display options included in real-time monitoring with Performance Monitor are available for log viewing.
Prerequisites for viewing log data in Performance Monitor
To complete this task, ensure that you meet the following requirements:
Windows Server 2008 is installed.
You are logged on as a member of the local Administrators group, or you are logged on as a member of the Performance Log Users group and have completed the procedure to grant the Log on as a batch job user right to the Performance Log Users group.
Windows Reliability and Performance Monitor is running.
At least one log file is available from a previously-created Data Collector Set.
Steps for viewing log data in Performance Monitor
The following procedures describe how to load and view log data in Performance Monitor.
To load log data in Performance Monitor
Start Windows Reliability and Performance Monitor.
In the navigation tree, expand Reports, expand User Defined, and expand the Data Collector Set whose log data you want to view.
Note
If only one Data Collector Set is configured and currently running, you will need to stop the Data Collector Set by clicking Stop, or right-clicking the Data Collector Set name and selecting Stop from the menu.
In the navigation pane, click the name of the log that you want to view. The log data will open in the Report view.
Click the Performance Monitor View button in the toolbar.
Navigating the log view in Performance Monitor
Log data opens in the Line graph view by default. While in this view, the X axis of the graph represents the total time included in the log.
To view only a specific time frame in the display, click and drag in the display until a section is highlighted, then click the Zoom button or press CTRL+Z.
For other viewing options, see the description for viewing system activity in real time in Scenario 2.
Scenario 6: View a diagnosis report
Overview: View a diagnosis report
Windows Reliability and Performance Monitor includes two default system reports for assessing system health and diagnosing system performance issues.
In this scenario, you will collect data to view the System Diagnostics report.
Prerequisites for viewing a diagnosis report
To complete this task, ensure that you meet the following requirements:
Windows Server 2008 is installed.
You are logged on as a member of the local Administrators group, or you have started Windows Reliability and Performance Monitor with elevated privileges.
Windows Reliability and Performance Monitor is running.
Note
The System Diagnostics report uses the Windows Kernel Trace provider, which can only be accessed by members of the local Administrators group.
Steps for viewing a diagnosis report
To view the System Diagnostics report
Start Windows Reliability and Performance Monitor.
In the navigation tree, expand Data Collector Sets and expand System.
Right-click System Diagnostics and click Start. Data Collection will begin.
In the navigation tree, expand Reports, expand System, expand System Diagnostics, and click the current date.
When data collection and report generation are complete, the System Diagnostics report will appear in the console pane.
Note
This report collects data for 60 seconds. It may take up to an additional 60 seconds for the report to be generated.
Scenario 7: View system stability with Reliability Monitor
Overview: View system stability with Reliability Monitor
Reliability Monitor is a snap-in for the Microsoft Management Console (MMC) that provides a system stability overview and trend analysis with detailed information about individual events that may affect the overall stability of the system. It will begin to collect data at the time of system installation.
In this task, you will review the System Stability Chart and become familiar with the detailed event information that Reliability Monitor uses to calculate the stability index.
Prerequisites for viewing system stability with Reliability Monitor
To complete this task, ensure that you meet the following requirements:
Windows Server 2008 is installed.
Your computer has been running for a minimum of 24 hours since the installation of the operating system.
The RACAgent scheduled task is running (it runs by default on a new installation unless it is manually disabled).
Known issues for viewing system stability with Reliability Monitor
The following known issues may affect your ability to complete this task:
Your Windows installation must run for at least 24 hours before data will be displayed in the System Stability Chart.
If you perform this task on a new system, you may see only minimal data regarding reliability events. Repeat the task after installing applications and adding hardware to learn more.
Steps for viewing system stability with Reliability Monitor
To start Reliability Monitor
Start Windows Reliability and Performance Monitor.
In the navigation tree, expand Monitoring Tools and click Reliability Monitor.
System Stability Chart
Based on data collected over the lifetime of the system, each date in the System Stability Chart includes a graph point showing the System Stability Index rating for that day. The System Stability Index is a number from 1 (least stable) to 10 (most stable) and is a weighted measurement derived from the number of specified failures recorded over a rolling historical period. Reliability Events in the System Stability Report describe the specific failures. Reliability Monitor maintains up to a year of history for system stability and reliability events. The System Stability Chart displays a rolling graph organized by date.
The top half of the System Stability Chart displays a graph of the System Stability Index. In the lower half of the chart, five rows track Reliability Events that either contribute to the stability measurement for the system or provide related information about software installation and removal. When one or more Reliability Events of each type are detected, an icon appears in the column for that date.
For Software Installs and Uninstalls, an Information icon indicates a successful event of that type occurred, or a Warning icon indicates a failure of that type occurred.
For all other Reliability Event types, an Error icon indicates a failure of that type occurred.
If more than 30 days of data are available, you can use the scroll bar at the bottom of the System Stability Chart to find dates outside the visible range.
Reliability Events
The Reliability Events recorded in the System Stability Report are as follows:
System Clock Changes
Significant changes to the system time are tracked in this category.
Note
This category does not appear in the System Stability Report unless a day is selected on which a significant clock change occurred. An Information icon will appear on the System Stability Graph for any days where a significant clock change has occurred.
Data Type | Description |
---|---|
Old Time |
Specifies the date and time prior to the clock change. |
New Time |
Specifies the date and time selected during the clock change. |
Date |
Specifies the date (based on the new time) when the clock change occurred. |
Software (Un)Installs
Software installations and removals including operating system components, Windows updates, drivers, and applications are tracked in this category.
Data Type | Description |
---|---|
Software |
Specifies operating system, name of application, Windows Update name, or driver name. |
Version |
Specifies the version of the operating system, application, or driver (this field is not available for Windows Updates). |
Activity |
Indicates whether the event is an install or uninstall. |
Activity Status |
Indicates success or failure for the action. |
Date |
Specifies the date of the action. |
Application Failures
Application failures, including the termination of a non-responding application or an application that has stopped working, are tracked in this category.
Data Type | Description |
---|---|
Application |
Specifies the executable program name of the application that stopped working or responding. |
Version |
Specifies the version number of the application. |
Failure Type |
Indicates whether the application stopped working or responding. |
Date |
Specifies the date of the application failure. |
Hardware Failures
Disk and memory failures are tracked in this category.
Data Type | Description |
---|---|
Component Type |
Indicates whether the failure occurred in hard drive or memory. |
Device |
Identifies the device that is failing. |
Failure Type |
Indicates a potential hard drive failure resulting from a bad disk, or indicates that a memory failure resulted from bad memory. |
Date |
Specifies the date of the hardware failure. |
Windows Failures
Operating system and boot failures are tracked in this category.
Data Type | Description |
---|---|
Failure Type |
Indicates whether the event is a boot failure or operating system crash. |
Version |
Identifies the versions of the operating system and service pack. |
Failure Detail |
Provides details for the type of failure, which is either: Operating System Failure: Indicates the stop code. Boot Failure: Indicates the reason code. |
Date |
Specifies the date of the Windows failure. |
Miscellaneous Failures
Failures that impact stability and do not fall under previous categories are tracked in this category, including unexpected operating system shutdowns.
Data Type | Description |
---|---|
Failure Type |
Indicates that the system was disruptively shut down. |
Version |
Identifies the versions of the operating system and service pack. |
Failure Detail |
Indicates that the computer was not shut down normally. |
Date |
Specifies the date of the miscellaneous failure. |