Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003

CHAPTER OVERVIEW
- Use Event Viewer to monitor system logs.
- Configure Task Manager to display performance data.
- Use System Monitor to display real-time performance data.
- Create counter logs and alerts.

SERVER MONITORING PRACTICES
- Real-time monitoring: Uses tools that display a continuous stream of statistics about what the system is doing right now
- Logged monitoring: Enables administrators to observe trends that develop over longer periods of time than those observed in a typical real-time monitoring session

MONITORING SUBSYSTEMS
- Processor
- Disk
- Memory
- Network

WHAT IS A BASELINE?

USING EVENT VIEWER

EVENT VIEWER LOGS
- Application: Information about specific programs running on the computer
- System: Events generated by components such as services and device drivers
- Security: Security-related events such as failed logons and attempts to access resources

UNDERSTANDING EVENT TYPES
Event Type: Description
- Error: A significant problem, such as loss of data or loss of functionality
- Warning: An event that might not be significant but might indicate a future problem
- Information: An event that describes the successful operation of an application, driver, or service
- Success Audit: An audited security access attempt that succeeds
- Failure Audit: An audited security access attempt that fails

VIEWING EVENTS

EVENT LOG RETENTION SETTINGS

USING FILTERS

FINDING SPECIFIC EVENTS

ACCESSING REMOTE EVENT LOGS
- Allows you to view event logs on another system.
- Select Connect To Another Computer from the Action menu.

ARCHIVING EVENT LOGS
- Might be required in certain environments.
- Reduces space used by log files.
- Save as .evt files in order to view in Event Viewer.
- Save as .txt or .csv files to import into other applications.

USING TASK MANAGER
- Real-time monitoring tool
- Displays information on:
  - Processor and memory performance
  - Applications and processes
  - Network utilization
  - Users connected to the system

WORKING WITH APPLICATIONS

MONITORING PROCESSES

MONITORING PERFORMANCE LEVELS

MONITORING NETWORK ACTIVITY

MONITORING USERS

USING THE PERFORMANCE CONSOLE
- System Monitor: Displays real-time performance data collected from performance counters
- Performance Logs and Alerts: Records data from performance counters over a period of time and executes specific actions when counters reach a certain value

USING SYSTEM MONITOR

MODIFYING THE GRAPH VIEW

HISTOGRAM VIEW

REPORT VIEW

ADDING COUNTERS

CREATING AN EFFECTIVE DISPLAY
- Limit the number of counters.
- Modify the counter display properties.
- Choose counters with comparable values.

SAVING A SYSTEM MONITOR CONSOLE
- Allows you to access commonly used counters more easily
- Reduces time needed to monitor critical components
- Can allow you to develop an eye for issues

WHAT IS A BOTTLENECK?

MONITORING PROCESSOR PERFORMANCE
- Processor: % Processor Time
  Should be < 85%
- System: Processor Queue Length
  Should be < 10
- Server Work Queues: Queue Length
  Should be < 4
- Processor: Interrupts/sec
  Varies depending on configuration

MONITORING MEMORY PERFORMANCE
- Memory: Page Faults/Sec
  Should be < 5
- Memory: Pages/Sec
  Should be < 20
- Memory: Available Bytes
  Should not fall below 5 percent of the system’s total physical memory
- Memory: Committed Bytes
  Should always be less than the physical RAM in the computer
- Memory: Pool Non-Paged Bytes
  Should be a stable number that does not grow without a corresponding growth in server activity

MONITORING DISK PERFORMANCE
- PhysicalDisk: Disk Bytes/sec
  Should be equivalent to the levels established in the original baseline readings or higher
- PhysicalDisk: Avg. Disk Bytes/Transfer
- PhysicalDisk: Current Disk Queue Length
  Should be < 2
- PhysicalDisk: % Disk Time
  Should be < 80%
- LogicalDisk: % Free Space
  Should be > 20%

MONITORING NETWORK PERFORMANCE
- Network Interface: Bytes Total/sec
  Should be equal to baseline readings or higher
- Network Interface: Output Queue Length
  Preferably 0, < 2 acceptable
- Server: Bytes Total/sec
  Should be < 50 percent of the total bandwidth capacity
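
Added example (not from the original slides): a Python check of a counter log saved as CSV against the fixed-number thresholds on the four slides above. The PDH-CSV header layout, the server name SRV01 and the sample rows are constructed assumptions; guidance that depends on a baseline, on installed RAM or on link bandwidth is not checked.

```python
import csv
import io
import operator

# (object, counter) -> (comparison a healthy value satisfies, limit), from the slides
THRESHOLDS = {
    ("processor", "% processor time"): (operator.lt, 85.0),
    ("system", "processor queue length"): (operator.lt, 10.0),
    ("server work queues", "queue length"): (operator.lt, 4.0),
    ("memory", "page faults/sec"): (operator.lt, 5.0),
    ("memory", "pages/sec"): (operator.lt, 20.0),
    ("physicaldisk", "current disk queue length"): (operator.lt, 2.0),
    ("physicaldisk", "% disk time"): (operator.lt, 80.0),
    ("logicaldisk", "% free space"): (operator.gt, 20.0),
    ("network interface", "output queue length"): (operator.lt, 2.0),
}

# Constructed sample: one header row of counter paths, then one row per sample
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\SRV01\Processor(_Total)\% Processor Time","\\SRV01\Memory\Pages/sec","\\SRV01\LogicalDisk(C:)\% Free Space"
"03/01/2004 10:00:00.000","42.5","3.0","35.1"
"03/01/2004 10:00:15.000","91.2","27.4","35.1"
"03/01/2004 10:00:30.000"," ","4.0","18.9"
'''

def split_counter_path(path):
    r"""Reduce \\HOST\Object(Instance)\Counter to a lowercased (object, counter) pair."""
    parts = path.lstrip("\\").split("\\")
    obj = parts[-2].split("(")[0]          # drop the "(instance)" suffix
    return obj.strip().lower(), parts[-1].strip().lower()

def find_breaches(log_text):
    """Return (timestamp, counter path, value, limit) for every sample outside its limit."""
    rows = csv.reader(io.StringIO(log_text))
    header = next(rows)
    # Column 0 is the timestamp; map every other column to its rule (or None)
    rules = {i: THRESHOLDS.get(split_counter_path(h))
             for i, h in enumerate(header) if i > 0}
    breaches = []
    for row in rows:
        for i, rule in rules.items():
            if rule is None or i >= len(row):
                continue                   # unmonitored counter or short row
            try:
                value = float(row[i])
            except ValueError:
                continue                   # blank cell: no sample was collected
            healthy, limit = rule
            if not healthy(value, limit):
                breaches.append((row[0], header[i], value, limit))
    return breaches
```

A single breach is not a bottleneck by itself; compare the flagged samples with the baseline before acting on them.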

MONITORING SERVER ROLES
- Different server roles place different demands on underlying hardware.
- Different server roles require different components to be monitored.
- Be aware of overmonitoring.

USING PERFORMANCE LOGS AND ALERTS
- Counter logs: Captures statistics for specific counters to a log file
- Trace logs: Records information about system applications when certain events occur
- Alerts: Performs an action when the counter reaches a specified value

CREATING A COUNTER LOG

CREATING A TRACE LOG

VIEWING A COUNTER LOG

CREATING ALERTS

CHAPTER SUMMARY
- Event Viewer is an MMC snap-in that displays logs maintained by the computer.
- Task Manager displays real-time performance data for the computer.
- The Performance console consists of two snap-ins: System Monitor and Performance Logs and Alerts.
- System Monitor shows real-time performance data for system hardware and software components using graph, histogram, and report views.
- Performance Logs and Alerts records performance counter information to counter logs and operating system events to trace logs over scheduled periods of time, enabling you to capture large data samples for later examination.