Download presentation
Presentation is loading. Please wait.
1
MONITORING MICROSOFT WINDOWS SERVER 2003
Chapter 3 MONITORING MICROSOFT WINDOWS SERVER 2003
2
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
CHAPTER OVERVIEW Use Event Viewer to monitor system logs. Configure Task Manager to display performance data. Use System Monitor to display real-time performance data. Create counter logs and alerts.
3
SERVER MONITORING PRACTICES
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 SERVER MONITORING PRACTICES Real-time monitoring Uses tools that display a continuous stream of statistics about what the system is doing right now Logged monitoring Enables administrators to observe trends that develop over longer periods of time than those observed in a typical real-time monitoring session
4
MONITORING SUBSYSTEMS
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 MONITORING SUBSYSTEMS Processor Disk Memory Network
5
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
WHAT IS A BASELINE?
6
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
USING EVENT VIEWER
7
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
EVENT VIEWER LOGS Application Information about specific programs running on the computer System Events generated by components such as services and device drivers Security Security-related events such as failed logons and attempts to access resources
8
UNDERSTANDING EVENT TYPES
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 UNDERSTANDING EVENT TYPES E v e n t T y p I c o D s r i Error A significant problem, such as loss of data or loss of functionality Warning An event that might not be significant but might indicate a future problem Information An event that describes the successful operation of an application, driver, or service Success Audit An audited security access attempt that succeeds Failure Audit fails
9
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
VIEWING EVENTS
10
EVENT LOG RETENTION SETTINGS
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 EVENT LOG RETENTION SETTINGS
11
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
USING FILTERS
12
FINDING SPECIFIC EVENTS
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 FINDING SPECIFIC EVENTS
13
ACCESSING REMOTE EVENT LOGS
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 ACCESSING REMOTE EVENT LOGS Allows you to view event logs on another system. Select Connect To Another Computer from the Action menu.
14
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
ARCHIVING EVENT LOGS Might be required in certain environments. Reduces space used by log files. Save as .evt files in order to view in Event Viewer. Save as .txt or .csv files to import into other applications.
15
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
USING TASK MANAGER Real-time monitoring tool Displays information on: Processor and memory performance Applications and processes Network utilization Users connected to the system
16
WORKING WITH APPLICATIONS
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 WORKING WITH APPLICATIONS
17
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
MONITORING PROCESSES
18
MONITORING PERFORMANCE LEVELS
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 MONITORING PERFORMANCE LEVELS
19
MONITORING NETWORK ACTIVITY
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 MONITORING NETWORK ACTIVITY
20
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
MONITORING USERS
21
USING THE PERFORMANCE CONSOLE
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 USING THE PERFORMANCE CONSOLE System Monitor Displays real-time performance data collected from performance counters Performance Logs and Alerts Records data from performance counters over a period of time and executes specific actions when counters reach a certain value
22
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
USING SYSTEM MONITOR
23
MODIFYING THE GRAPH VIEW
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 MODIFYING THE GRAPH VIEW
24
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
HISTOGRAM VIEW
25
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
REPORT VIEW
26
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
ADDING COUNTERS
27
CREATING AN EFFECTIVE DISPLAY
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 CREATING AN EFFECTIVE DISPLAY Limit the number of counters. Modify the counter display properties. Choose counters with comparable values.
28
SAVING A SYSTEM MONITOR CONSOLE
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 SAVING A SYSTEM MONITOR CONSOLE Allows you to access commonly used counters more easily Reduces time needed to monitor critical components Can allow you to develop an eye for issues
29
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
WHAT IS A BOT TLENECK?
30
MONITORING PROCESSOR PERFORMANCE
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 MONITORING PROCESSOR PERFORMANCE Processor: % Processor Time Should be < 85% System: Processor Queue Length Should be < 10 Server Work Queues: Queue Length Should be < 4 Processor: Interrupts/sec Varies depending on configuration
31
MONITORING MEMORY PERFORMANCE
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 MONITORING MEMORY PERFORMANCE Memory: Page Faults/Sec Should be < 5 Memory: Pages/Sec Should be < 20 Memory: Available Bytes Should not fall below 5 percent of the system’s total physical memory Memory: Committed Bytes Should always be less than the physical RAM in the computer Memory: Pool Non-Paged Bytes Should be a stable number that does not grow without a corresponding growth in server activity
32
MONITORING DISK PERFORMANCE
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 MONITORING DISK PERFORMANCE PhysicalDisk: Disk Bytes/sec Should be equivalent to the levels established in the original baseline readings or higher PhysicalDisk: Avg. Disk Bytes/Transfer PhysicalDisk: Current Disk Queue Length Should be < 2 PhysicalDisk: % Disk Time Should be < 80% LogicalDisk: % Free Space Should be > 20%
33
MONITORING NETWORK PERFORMANCE
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 MONITORING NETWORK PERFORMANCE Network Interface: Bytes Total/sec Should be equal to baseline readings or higher Network Interface: Output Queue Length Preferably 0, < 2 acceptable Server: Bytes Total/sec Should be < 50 percent of the total bandwidth capacity
34
MONITORING SERVER ROLES
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 MONITORING SERVER ROLES Different server roles place different demands on underlying hardware. Different server roles require different components to be monitored. Be aware of overmonitoring.
35
USING PERFORMANCE LOGS AND ALERTS
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003 USING PERFORMANCE LOGS AND ALERTS Counter logs Captures statistics for specific counters to a log file Trace logs Records information about system applications when certain events occur Alerts Performs an action when the counter reaches a specified value
36
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
CREATING A COUNTER LOG
37
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
CREATING A TRACE LOG
38
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
VIEWING A COUNTER LOG
39
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
CREATING ALERTS
40
Chapter 3: MONITORING MICROSOFT WINDOWS SERVER 2003
CHAPTER SUMMARY Event Viewer is an MMC snap-in that displays logs maintained by the computer. Task Manager displays real-time performance data for the computer. The Performance console consists of two snap-ins: System Monitor and Performance Logs and Alerts. System Monitor shows real-time performance data for system hardware and software components using graph, histogram, and report views. Performance Logs and Alerts records performance counter information to counter logs and operating system events to trace logs over scheduled periods of time, enabling you to capture large data samples for later examination.
Similar presentations
