You’ve probably heard that the best things in life are free. In the case of monitoring your Windows NT network, you may be able to get pretty close to that. Keeping your finger on the pulse of the network could mean the difference between a minor problem and a business-stopping crisis. Using Performance Monitor and one or two other tools, you can piece together your own network-monitoring system without having to spend potentially tens of thousands of dollars on commercially available network-management systems. This Daily Drill Down will walk you through several options for monitoring those parts of your network that must be kept running.

Deciding which services you should monitor
Before you start, look at each server and decide which services are mission critical. The problem with watching every service on every server is that you’ll end up creating more traffic on the network than your users will generate. The most effective way to monitor your network is to start with the basics. You can monitor processor utilization or the percentage of free disk space available on a drive, to mention just a couple of the possibilities.

The other concern you’ll need to address is how often you’ll want to poll. Keep in mind that the more often you check for a situation, the more network traffic that will be generated. Some situations may need to be checked more often than others. Try to keep the number of different polling periods to a minimum; this will require one instance of Performance Monitor for each polling period.

Setting up your NT monitoring machine
Now that you have an idea of what you want to monitor, the next step will be to set up the machine that will be your eyes and ears on the network. The good news is that you can use a copy of NT Workstation 4.0. After installing NT, you’ll want to apply at least NT Service Pack 5 (stay away from Service Pack 4 because it had a rather nasty SNMP leak). Then, apply updated drivers from the appropriate vendor for your video card, SCSI controller, network card, and so forth.

You’ll need to install Microsoft Outlook 98 or later and configure an e-mail profile on this system. For this Daily Drill Down, I’ll assume you’re using Microsoft Exchange 5.5 with Exchange Service Pack 2 or later. After installing Outlook, create a mail profile and record the name. Go into the Outlook client and verify that you can send and receive mail. If you don’t already have a copy of the NT Server Resource Kit 4 and the BackOffice Resource Kit, you’ll want to either purchase these or subscribe to TechNet, which includes these items.

Install the full NT Server Resource Kit. Be sure to install at least the Exchange Server portion of the BackOffice Resource Kit so that the alerts created by Performance Monitor will be sent to the designated individuals via your Exchange Server. The main tool you’ll need from the BackOffice Resource Kit is Mapisend.exe, a utility that will allow Performance Monitor to send the alerts using a command-line interface.

In addition, you should install Microsoft Internet Explorer 5 or later, which includes an update to the task scheduler service that comes with NT. You’ll need this component because it will allow you to know on a daily basis that your monitoring system is still capable of sending pages if problems are detected.

Using Performance Monitor
You can create and run any number of different alert monitoring functions. Although it’s possible to have only one occurrence of Performance Monitor running on your NT workstation, you’ll find this limiting. This is because you have to poll all the servers you’re watching using the same interval, even though the amount of free space on a particular drive doesn’t need to be watched as often as, say, the processor utilization on a server. I’ve found that running one instance of Performance Monitor for each server you’re working with is usually sufficient. If you’re watching a significant number of items on a particular server, you may need to break that monitoring out to two or monitor different instances of Performance Monitor based on different polling intervals.

I recommend you create an Alert directory on one of the partitions on the NT workstation you’re running Performance Monitor on. This directory will serve as a central holding point for the .pma files you’ll create as you set up the monitoring. The directory can also hold the .bat and .txt files needed for sending the alerts out to the designated recipients. As you save the alert configuration for each server, use the Start Menu Programs | Run function to automatically fire off the occurrence of Performance Monitor for each .pma file you’ve created as soon as a user logs into the NT Workstation.

You can find Performance Monitor by selecting Start | Programs | Administrative Tools (Common) and choosing Performance Monitor. When Performance Monitor appears, click the View menu and choose Alert. At this point, click the Plus button on the Performance Monitor toolbar. When the Add To Alert window opens, check the default entry in the Computer field. If you want to watch a different computer, click the Discovery button (…) to the right of the field, highlight the computer name you want to monitor, and either click OK or double-click on the computer name.

Next, select the service or process you want to monitor. Click the down arrow beside the Object field to see a list of items you can monitor. After you select an object class, you’ll see a list that matches that category under the Counter option. Some of the counters have fairly cryptic names. If you aren’t sure what a counter does, click the Explain button and Performance Monitor will display an explanation of the counter.

The information appearing in the Instance field varies depending on which you’ve selected. For example, when you have % Processor Time selected as a counter, you may see 0 displayed if you have only one processor installed or a number higher than 0 if two or more processors are detected. When you’re monitoring free disk space, you’ll see a list of drive letters.

Next, you must specify when you want to be notified. When monitoring a free disk space counter, you’ll probably want to be alerted when less than 10 percent of free space exists. In this case, you’d enter 10 in the Alert If Under field. Once you save the counter, you can see how your entry has been interpreted and make any needed adjustments.

When you’re using a new counter in Performance Monitor and you aren’t sure at what level you need to send an alert, you can use the Performance Monitor’s Chart function to give you an idea of what is “normal.” You may want to use this process periodically to review all the counters

After you’ve configured the alerts, you can then configure Performance Monitor to send the alerts to you. To do so, enter a drive letter, path, and filename under Run Program On Alert. You can create a batch file that calls the Mapisend.exe file that I mentioned earlier. The batch file will include the appropriate command-line arguments necessary for sending an e-mail message. Here’s what your file should look like:
mapisend -u “NTMONITOR” -p password -r “admingroup” -s “Test Alert” -t c:\alert\test.txt

where NTMONITOR is the name of the e-mail profile you created on the machine you’re running Performance Monitor on; password is the password that matches the username in the e-mail profile you’re using to send the mail message with; admingroup is the name or alias of the user or group you want to receive this e-mail alert; Test Alert is the subject you want displayed when the alert is e-mailed to the designated recipient(s); and c:\alert\test.txtis the drive letter, path, and name of the text file that contains the details you want the alert to provide.

Until you become comfortable with creating this type of file, it’s a good idea to run each file manually to verify that it will work when the time comes.

Once you create the alert function, click the Add button to activate it. You can create additional alert tasks by using the Add button. When you’ve finished, click the Done button.

By locating a program that uses a command-line interface to send a message to pagers, you can also send alerts to pagers without having to e-mail them through your Exchange Server. This ensures that you’ll receive alerts even when your Exchange Server or Internet connection is down.

By default, the polling interval is 5 seconds. Depending on what you’re monitoring, that may be a little excessive. To change this interval, first click Options, then choose Alerts. Enter the value you want to use for monitoring, and, if you want, select the Log Event In Application Log option. Then, click OK.

Finally, you need to save this information and enable the alert monitoring process to start automatically when a user logs into the workstation. First, click File and choose Save Alert Settings. Select the Alert directory and provide a name for the .pma file you’ll create. Place a link to the .pma file you just created in the Startup folder so that Performance Monitor will start automatically. You can include references to multiple .pma files so you can monitor multiple servers at one time.

Testing your monitoring system
The best-laid plan does you no good if it doesn’t work when you need it to. To set up a test, begin by double-clicking the My Computer icon on your NT Desktop. Then, double-click the Schedule Tasks icon in the My Computer window. Double-click the Scheduled Tasks Wizard, which steps you though creating a task that will test the alert system.

When the Schedule Task Wizard window appears, click the Next button. Click the Browse button and locate the batch file you created to send out the test message. Double-click the batch filename, and in the next window, that name, minus the .bat extension, will appear as the task name. Under Perform This Task, click Daily (your other options are Weekly, Monthly, One Time Only, When My Computer Starts, and When I Log On). Click the Next button to continue.

In the next window, specify when and how often you want this task to run. In the window that follows, the username of the individual currently logged in should appear. You can either enter the password for this username or enter a new username and the matching password. Click the Finish button to close the wizard.

To test the task now, right-click the task and select Run. Once the task has successfully run, you should see a comment to that effect on the task line. If the task can’t run for some reason, you’ll see an error message.
If your company uses an external disk storage system, such as Compaq’s StorageWorks system, you’re dealing with a logical disk. It is logical because the controller that controls the drives is external to the server that’s attached to the drive system. In this case, you’ll probably need to run an instance of Performance Monitor on the server using the drive system.
You can come up with some inventive ways to use alerts to watch your network. I recently learned of a way to monitor the link status of a fiber-optic card. I entered a high value in the Alert If Under field in Performance Monitor, and if the value received by Performance Monitor dropped below what I specified, I knew the fiber-optic interface had become disconnected or had failed.

As you can see, setting up a basic monitoring system isn’t that hard. By using this system, you’ll get the information you need to ensure that your servers are running smoothly.

Ronald Nutter is a senior systems engineer in Lexington, KY. He’s an MCSE, Novell Master CNE, and Compaq ASE. Ron has worked with networks ranging in size from single servers to multiserver/multi-OS setups, including NetWare, Windows NT, AS/400, 3090, and UNIX. He’s also the help desk editor for Network World. If you’d like to contact Ron, send him an e-mail. (Because of the large volume of e-mail that he receives, it’s impossible for him to respond to every message. However, he does read them all.)

The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.