Don’t try clicking on Start | Administrative Tools (Common) | Performance Monitor in Windows 2000. For that matter, don’t look for Sysmon or Netmon in their old NT 4.0 locations, either. They’re not there.
These powerful troubleshooting utilities have been moved in Windows 2000. Performance Monitor has been replaced by System Monitor, which itself has been migrated to the Performance Logs And Alerts Microsoft Management Console (MMC) snap-in. You’ll find the Performance Logs And Alerts in the Win2K Performance console.
Receive Paperchase Digest in your e-mail box every Friday. Be sure to catch every column, as well as timely tips and reviews not found on the site! It’s easy, and it’s free. Just go to the TechMails page and sign up for Erik Eckel’s Paperchase Digest to ensure you keep up-to-date on the latest certification tips, shortcuts, news, and more!
As an administrator, you’ll now monitor remote network traffic using a network monitor included with Microsoft Systems Management Server (version 1.2 or 2.0). Windows 2000 also boasts an enhanced Simple Network Management Protocol (SNMP) service.
In order to secure Windows 2000 certifications, it’ll be necessary to understand the use of all three of these monitoring, optimization, and troubleshooting tools in Windows 2000. In this article, I’ll help you become familiar with the triumvirate by examining the Performance console. In upcoming columns, I’ll cover the SNMP service and the Windows 2000 Network Monitor.
Get to know the Performance console
The Win2K Performance console, accessed by selecting Start | Administrative Tools | Performance, is a pre-configured MMC console.
|You can access the Performance console by selecting Performance from the Start | Administrative Tools menu.|
Selecting Performance Logs And Alerts lets you monitor the performance of local and remote systems. The Performance Logs And Alerts snap-in enables the following actions:
- Specifying performance objects, counters, and intervals to be tracked and logged
- Setting alerts for specific object values
- Viewing performance counter activity
- Managing logging sessions
- Compiling performance data that can be exported to spreadsheets for analysis
- Creating trace logs that track alerts by event rather than by interval timing (as is done by counter logs)
|The Performance console houses two snap-ins: Performance Logs And Alerts and System Monitor.|
Using Performance Logs And Alerts
You can record counter activity by right-clicking on Counter Logs under Performance Logs And Alerts and selecting New Log Settings. You’ll be asked to supply a name and then add the counters to be logged.
|Counter Logs are easy to configure.|
The tabs in the Counter Logs dialog box enable you to configure log files and a log file schedule. Using the dialog box, you can specify the location of the log files that are created, the log file type, when logs are to be started and stopped, and whether a command should be run or a new log created when a log file closes. In the General tab, you can also specify the sampling interval for the selected counters.
Trace logs differ from counter logs in that trace logs are created when a specified event occurs. With counter logs, a continuous sampling occurs whether the event occurs or not.
To specify trace logs, right-click on Trace Logs under Performance Logs And Alerts and select New Log Settings. You’ll be asked to supply a name and a trace provider, which can be the Local Security Authority (LSA). You’ll then need to add the counters to be traced.
The General, Log Files, and Schedule tabs are similar to those found in the Counter Logs dialog box. However, the Trace Logs dialog box adds another tab, Advanced, which you can use to specify memory buffer settings. You can also specify how often you want to transfer data from buffers to the log file. By default, data is transferred to the log file when the memory buffers become full. To override the default, just select the check box and specify the minimum number of seconds that can pass before data is transferred.
|Trace logs offer the same ease-of-use as counter logs.|
You can create alerts by right-clicking Alerts under Performance Logs And Alerts and selecting New Alert Settings. As with counter logs and trace logs, you’ll be prompted to supply a name.
Once you’ve supplied a name for the alert, you’ll need to specify the comment you want to receive when specific counter values are exceeded. The machine you want to monitor, as well as the performance objects, counters, and specified alert values, can all be customized to meet your needs.
|Alerts are easy to customize in Windows 2000.|
In the Action tab, you should specify the commands and actions you want taken when the values you’ve set for the alerts are triggered. Your options include sending a network message, beginning a performance data log, and executing a specified program.
The Schedule tab lets you specify when to start and stop scans, as well as whether a new scan should be triggered when an alert scan completes.
Using System Monitor
As in Windows NT 4.0, System Monitor lets you monitor system memory, disks, processors, networks, and other objects. You can then view the collected data in graph or histogram form or in a report.
System Monitor also enables you to:
- Create reusable monitoring configurations for use on other systems.
- Create HTML pages from performance views.
- Integrate System Monitor functionality into Microsoft Office applications.
System Monitor can be an invaluable tool for monitoring changes in performance on your network. You can use it to test configuration changes and resource usage, as well as to diagnose and troubleshoot problems.
You must set three items to measure data using System Monitor:
- Data type—Specify one or more performance monitor objects (such as memory, physical disk, or processor).
- Data source—Specify the system you want to monitor (any system for which you have administrative permissions).
- Sampling (or measurement) interval—Specify when sampling occurs. (You can select from manual or automatic intervals.)
Using the System Monitor is simple. Just select it from the Performance console and add performance objects and counters by clicking the plus-sign button on the toolbar. You can choose from a wide variety of performance objects, including DHCP, DNS, PhysicalDisk, Processor, System, and IP. Each performance object includes its own list of counters you can track, such as % Usage and % Usage Peak for the Paging File performance object.
|The System Monitor can simultaneously track multiple object counters.|
The System Monitor view consists of three parts. The graph area appears at the top. There, a timer bar moves across the screen displaying a graphical representation of the data being collected.
Beneath the graph area is the value bar, which contains the Last, Average, Minimum, and Maximum values for the counter selected in the legend area below it. You’ll also find a Duration value, which provides the total elapsed time that is being displayed in the graph area.
The legend area that appears at the bottom of the System Monitor includes object, counter, and instance information. Many attributes of the graph area and legend can be customized. For example, it’s easy to highlight a particular counter. Just click the lightbulb button on the toolbar, and the value selected in the legend area will appear as white.
Which counters should you monitor?
It’s much easier to troubleshoot systems and network problems when a baseline has been established. You should monitor several objects regularly and over a period of time to ensure that you receive a performance baseline established under typical network and system loads.
Physical disk counters are enabled by default in Windows 2000. Remember to fire up a command prompt and type diskperf –y to enable physical disk performance counters if you've turned them off. You should type diskperf –yn if you want to use logical disk performance counters, which aren't enabled by default.
In a perfect world, you would monitor every performance object and counter available. As most NT 4.0 administrators are aware, however, a performance hit is experienced for every counter that’s tracked. While the performance degradation resulting from the use of counters is small, it can add up.
Microsoft recommends tracking at least the following counters regularly:
- Cache\Data Map Hits %
- Cache\Fast Reads/sec
- Cache\Lazy Write Pages/sec
- Logical Disk\% Disk Space
- Memory\Available Bytes
- Memory\Nonpaged Pool Allocs
- Memory\Nonpaged Pool Bytes
- Memory\Paged Pool Allocs
- Memory\Paged Pool Bytes
- Processor(_Total)\% Processor Time
- System\Context Switches/sec
- System\Processor Queue Length
Erik Eckel MCP+I, MCSE is editor in chief of TechRepublic's IT communities. He's previously held positions as a high-speed IP access product manager and a communications representative for nationwide long-distance, data networking, and Internet services providers.If you’d like to share your opinion, please post a comment below or send the editor an e-mail.