Monitor Microsoft Windows Server for higher performance and availability with WildMetrix™

Maximize Windows Server performance, availability, and reliability with WildMetrix Windows Server monitoring solutions. 

Microsoft Windows Server supports a wide range of base and advanced services. These range from the required primary subsystems of memory, disk, CPU and network, which support integrated services such as Active Directory, File and Print Sharing, and Internet Information Server, to hosting business applications such as SQL Server, Exchange Server, and custom ASP.NET applications. For high-end performance, Windows Server supports clustering, larger amounts of memory, and more CPUs.

 Benefits of Monitoring Microsoft Windows Server with WildMetrix

  • Helps administrators detect problems in their Windows Server architecture
  • Quickly diagnoses exactly where and what the problems are
  • Resolves the problems from a single easy-to-use interface
  • Provides an understanding of the entire Windows Server system inside and out


Microsoft Windows Server Monitoring
Windows Server's architecture has many processes and services and is highly dependent on well-performing hardware. Monitoring a system this complex requires continually looking at all of the elements involved to know whether health and performance are optimal. Each aspect of Windows Server is important, including:
  • Processor Subsystem
  • Memory Subsystem
  • Disk Subsystem
  • Network Subsystem
  • Process Utilization
  • Services states and events
  • Eventlog Errors, Warnings, and Informational Events
  • Dependent Infrastructure Performance
Customizable Microsoft Windows Server Dashboards
Live performance dashboards give you the performance metrics and events of Microsoft Windows Server in a single view, with quick-link access to powerful analytical charting. Dashboards include:
  • Windows Server Diagnostics
  • Windows Server Disk Performers
  • Windows Server Memory Performers
  • Windows Server Network Performers
  • Windows Server Processes Diagnostics
  • Windows Server Processor Performers
  • Windows Server Subsystem Diagnostics

Powerful Analytics

 
The tools make the difference when finding the root cause of performance bottlenecks and application faults, and when performing trend analysis. Analytical charting features include:
  • Correlation of Live or Historical Data
  • Drill-Down, Zoom, and Statistic Lines
  • OpenGL 3D Surface Analysis
  • Live, Second, Minute, Hourly, and Monthly Data Periods
Powerful Monitoring Solutions
Deployment of pre-built monitoring solutions is as simple as Drag-n-Drop. Policies are customizable by adding performance counters and setting your desired collection and retention intervals as well as alerting rules.

The Microsoft Windows Server monitoring policy includes:
WildMetrix Monitoring Policies
  Microsoft Windows Server
  Alerts
  \Extended:General\AlertLog
 
  The AlertLog extended counter is a reference to an internal AlertLog counter that is created when a new device is added. The AlertLog counter is used to display respective alerts on charts and for data exploration in the Log Explorer.
  Intrusion Detection
  \Extended:Server\EventLog
 
  The EventLog extended counter is a real-time provider of event log data. The counter captures all events from the event logs.
 
  Account Misuse
 
  Act as part of the operating system
 
  Change the system time
 
  Creation of a user account
 
  Domain Account Lockout
 
  Domain logon attempt failure
 
  Force shutdown from a remote system
 
  Load and unload device drivers
 
  Local Account Lockout
 
  Local logon attempt failure
 
  Modification of Security Groups
 
  Take ownership of files or other objects
 
  The security log was cleared
 
  User account password changed
 
  User account status changed
  System Disk
  \LogicalDisk()\% Disk Time
 
  % Disk Time is the percentage of elapsed time that the selected disk drive was busy servicing read or write requests.
 
  Heavy Sustained % Disk Time
 
  Moderate Sustained % Disk Time
  \LogicalDisk()\% Free Space
 
  % Free Space is the percentage of total usable space on the selected logical disk drive that was free.
 
  Extremely Low Drive Space
 
  Sustained Low Drive Space
  \LogicalDisk()\Current Disk Queue Length
 
  Current Disk Queue Length is the number of requests outstanding on the disk at the time the performance data is collected. It also includes requests in service at the time of the collection. This is an instantaneous snapshot, not an average over the time interval. Multi-spindle disk devices can have multiple requests that are active at one time, but other concurrent requests are awaiting service. This counter might reflect a transitory high or low queue length, but if there is a sustained load on the disk drive, it is likely that this will be consistently high. Requests experience delays proportional to the length of this queue minus the number of spindles on the disks. For good performance, this difference should average less than two.
 
  Sustained Heavy Disk Queue Congestion
 
  Sustained Moderate Disk Queue Congestion
  \LogicalDisk()\Disk Reads/sec
 
  Disk Reads/sec is the rate of read operations on the disk.
  \LogicalDisk()\Disk Writes/sec
 
  Disk Writes/sec is the rate of write operations on the disk.
  \LogicalDisk()\Free Megabytes
 
  Free Megabytes displays the unallocated space, in megabytes, on the disk drive. One megabyte is equal to 1,048,576 bytes.
  System Logging
  \Extended:Server\EventLog
 
  The EventLog extended counter is a real-time provider of event log data. The counter captures all events from the event logs.
 
  %SourceName% Error
 
  %SourceName% Warning
 
  A duplicate name has been detected on the TCP network
 
  DCOM Distributed COM error
 
  Disk: Bad HDD block notification
 
  Event Log Service stopped outside Operational Time
 
  Installed Patch
 
  Installed Service Pack
 
  Log file has reached its maximum size
 
  Messenger service
 
  MSI Installer
 
  NETBIOS over TCP/IP
 
  NETBIOS over TCP/IP
 
  Network adapter connected
 
  Network adapter disconnected
 
  Notify when an election takes place to discover the master browser
 
  Save Dump: Memory Dump occurred
 
  The NTP server didn't respond
 
  Update requires restart
 
  Updates Installed successfully
 
  Updates ready to install
 
  Windows File Protection: File replacement was attempted on a protected system file
 
  Windows Group Policy
 
  Windows Group Policy
 
  Windows Kerberos
 
  Windows Kerberos
 
  Windows Master Browser
 
  Windows Master Browser
 
  Windows NETLOGON Service
 
  Windows NT is starting up
 
  Windows Service Control Manager Error
 
  Windows Time Provider
 
  Windows Time Provider
  \Extended:Server\ProcessLog
 
  The ProcessLog extended counter is a query to check process events. Processes that have started or exited will be logged.
 
  Any ProcessLog
 
  Software Installation or Removal Detection
  \Extended:Server\ServiceLog
 
  The ServiceLog extended counter is a query to check for status changes of registered services. Status changes include Running, Stopping, Stopped, and Starting.
 
  %Name% Service %Status%
 
  %Name% Service %Status%
 
  Alerter Service Stopped
 
  Automatic Updates Service Stopped
 
  Background Intelligent Transfer Service Stopped
 
  Certificate Service Stopped
 
  Cluster Service Stopped
 
  COM+ Event System Service Stopped
 
  COM+ System Application Service Stopped
 
  Computer Browser Service Stopped
 
  Cryptographic Services Stopped
 
  Distributed File System Service Stopped
  System Memory
  \Cache\Copy Read Hits %
 
  Copy Read Hits is the percentage of cache copy read requests that hit the cache, that is, they did not require a disk read in order to provide access to the page in the cache. A copy read is a file read operation that is satisfied by a memory copy from a page in the cache to the application's buffer. The LAN Redirector uses this method for retrieving information from the cache, as does the LAN Server for small transfers. This is a method used by the disk file systems as well.
  \Memory\% Committed Bytes In Use
 
  % Committed Bytes In Use is the ratio of Memory: Committed Bytes to Memory: Commit Limit. (Committed memory is physical memory in use for which space has been reserved in the paging file should it need to be written to disk. The commit limit is determined by the size of the paging file. If the paging file is enlarged, the commit limit increases, and the ratio is reduced). This counter displays the current percentage value only; it is not an average.
 
  Sustained High Committed Memory Usage
  \Memory\Available MBytes
 
  Available MBytes is the amount of physical memory, in Megabytes, immediately available for allocation to a process or for system use. It is equal to the sum of memory assigned to the standby (cached), free and zero page lists. For a full explanation of the memory manager, refer to MSDN and/or the System Performance and Troubleshooting Guide chapter in the Windows Server 2003 Resource Kit.
  \Memory\Cache Bytes
 
  Cache Bytes is the sum of the System Cache Resident Bytes, System Driver Resident Bytes, System Code Resident Bytes, and Pool Paged Resident Bytes counters. This counter displays the last observed value only; it is not an average.
  \Memory\Committed Bytes
 
  Committed Bytes is the amount of committed virtual memory, in bytes. (Committed memory is physical memory for which space has been reserved on the disk paging file in case it needs to be written back to disk). This counter displays the last observed value only; it is not an average.
  \Memory\Page Faults/sec
 
  Page Faults/sec is the average number of pages faulted per second. It is measured in number of pages faulted per second because only one page is faulted in each fault operation, hence this is also equal to the number of page fault operations. This counter includes both hard faults (those that require disk access) and soft faults (where the faulted page is found elsewhere in physical memory.) Most processors can handle large numbers of soft faults without significant consequence. However, hard faults, which require disk access, can cause significant delays.
  \Memory\Pages/sec
 
  Pages/sec is the rate at which pages are read from or written to disk to resolve hard page faults. This counter is a primary indicator of the kinds of faults that cause system-wide delays. It is the sum of Memory\Pages Input/sec and Memory\Pages Output/sec. It is counted in numbers of pages, so it can be compared to other counts of pages, such as Memory\Page Faults/sec, without conversion. It includes pages retrieved to satisfy faults in the file system cache (usually requested by applications) and non-cached mapped memory files.
 
  Sustained Excessive Memory Paging
  \Memory\Pool Nonpaged Bytes
 
  Pool Nonpaged Bytes is the size, in bytes, of the nonpaged pool, an area of system memory (physical memory used by the operating system) for objects that cannot be written to disk, but must remain in physical memory as long as they are allocated. Memory\Pool Nonpaged Bytes is calculated differently than Process\Pool Nonpaged Bytes, so it might not equal Process\Pool Nonpaged Bytes\_Total. This counter displays the last observed value only; it is not an average.
  \Memory\Pool Paged Bytes
 
  Pool Paged Bytes is the size, in bytes, of the paged pool, an area of system memory (physical memory used by the operating system) for objects that can be written to disk when they are not being used. Memory\Pool Paged Bytes is calculated differently than Process\Pool Paged Bytes, so it might not equal Process\Pool Paged Bytes\_Total. This counter displays the last observed value only; it is not an average.
  \Paging File(_Total)\% Usage
 
  The amount of the Page File instance in use in percent. See also Process Page File Bytes.
 
  Low Paging File Usage
 
  Sustained High Paging File Usage
  System Network
  \Network Interface()\Bytes Received/sec
 
  Bytes Received/sec is the rate at which bytes are received over each network adapter, including framing characters. Network Interface\Bytes Received/sec is a subset of Network Interface\Bytes Total/sec.
  \Network Interface()\Bytes Sent/sec
 
  Bytes Sent/sec is the rate at which bytes are sent over each network adapter, including framing characters. Network Interface\Bytes Sent/sec is a subset of Network Interface\Bytes Total/sec.
  \Network Interface()\Bytes Total/sec
 
  Bytes Total/sec is the rate at which bytes are sent and received over each network adapter, including framing characters. Network Interface\Bytes Total/sec is a sum of Network Interface\Bytes Received/sec and Network Interface\Bytes Sent/sec.
  \Network Interface()\Output Queue Length
 
  Output Queue Length is the length of the output packet queue (in packets). If this is longer than two, there are delays and the bottleneck should be found and eliminated, if possible. Since the requests are queued by the Network Driver Interface Specification (NDIS) in this implementation, this will always be 0.
 
  Sustained Network Interface Queue Length
  \Network Interface()\Packets Outbound Discarded
 
  Packets Outbound Discarded is the number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent transmission. One possible reason for discarding packets could be to free up buffer space.
  \Network Interface()\Packets Outbound Errors
 
  Packets Outbound Errors is the number of outbound packets that could not be transmitted because of errors.
  \Network Interface()\Packets Received Discarded
 
  Packets Received Discarded is the number of inbound packets that were chosen to be discarded even though no errors had been detected to prevent their delivery to a higher-layer protocol. One possible reason for discarding packets could be to free up buffer space.
  \Network Interface()\Packets Received Errors
 
  Packets Received Errors is the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
  \TCPv4\Connections Established
 
  Connections Established is the number of TCP connections for which the current state is either ESTABLISHED or CLOSE-WAIT.
  System Processes
  \Process(services)\% Processor Time
 
  % Processor Time is the percentage of elapsed time that all of the process's threads used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions is included in this count.
  \Process(services)\Handle Count
 
  The total number of handles currently open by this process. This number is equal to the sum of the handles currently open by each thread in this process.
  \Process(services)\IO Read Bytes/sec
 
  The rate at which the process is reading bytes from I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(services)\IO Write Bytes/sec
 
  The rate at which the process is writing bytes to I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(services)\Page Faults/sec
 
  Page Faults/sec is the rate at which page faults by the threads executing in this process are occurring. A page fault occurs when a thread refers to a virtual memory page that is not in its working set in main memory. This may not cause the page to be fetched from disk if it is on the standby list and hence already in main memory, or if it is in use by another process with whom the page is shared.
  \Process(services)\Private Bytes
 
  Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes.
  \Process(services)\Thread Count
 
  The number of threads currently active in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread.
  \Process(services)\Virtual Bytes
 
  Virtual Bytes is the current size, in bytes, of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and the process can limit its ability to load libraries.
  \Process(services)\Working Set
 
  Working Set is the current size, in bytes, of the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory.
  \Process(System)\% Processor Time
 
  % Processor Time is the percentage of elapsed time that all of the process's threads used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions is included in this count.
  \Process(System)\Handle Count
 
  The total number of handles currently open by this process. This number is equal to the sum of the handles currently open by each thread in this process.
  \Process(System)\IO Read Bytes/sec
 
  The rate at which the process is reading bytes from I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(System)\IO Write Bytes/sec
 
  The rate at which the process is writing bytes to I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(System)\Page Faults/sec
 
  Page Faults/sec is the rate at which page faults by the threads executing in this process are occurring. A page fault occurs when a thread refers to a virtual memory page that is not in its working set in main memory. This may not cause the page to be fetched from disk if it is on the standby list and hence already in main memory, or if it is in use by another process with whom the page is shared.
  \Process(System)\Private Bytes
 
  Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes.
  \Process(System)\Thread Count
 
  The number of threads currently active in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread.
  \Process(System)\Virtual Bytes
 
  Virtual Bytes is the current size, in bytes, of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and the process can limit its ability to load libraries.
  \Process(System)\Working Set
 
  Working Set is the current size, in bytes, of the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory.
  System Processor
  \Processor(_Total)\% Privileged Time
 
  % Privileged Time is the percentage of non-idle processor time spent in privileged mode. (Privileged mode is a processing mode designed for operating system components and hardware-manipulating drivers. It allows direct access to hardware and all memory. The alternative, user mode, is a restricted processing mode designed for applications, environment subsystems, and integral subsystems. The operating system switches application threads to privileged mode to access operating system services). % Privileged Time includes time servicing interrupts and DPCs. A high rate of privileged time might be attributable to a large number of interrupts generated by a failing device. This counter displays the average busy time as a percentage of the sample time.
  \Processor(_Total)\% Processor Time
 
  % Processor Time is the percentage of time that the processor is executing a non-Idle thread. This counter was designed as a primary indicator of processor activity. It is calculated by measuring the time that the processor spends executing the thread of the Idle process in each sample interval, and subtracting that value from 100%. (Each processor has an Idle thread which consumes cycles when no other threads are ready to run). It can be viewed as the percentage of the sample interval spent doing useful work. This counter displays the average percentage of busy time observed during the sample interval. It is calculated by monitoring the time the service was inactive, and then subtracting that value from 100%.
 
  High Processor Usage
 
  Moderate Processor Usage
  \Processor(_Total)\% User Time
 
  % User Time is the percentage of non-idle processor time spent in user mode. (User mode is a restricted processing mode designed for applications, environment subsystems, and integral subsystems. The alternative, privileged mode, is designed for operating system components and allows direct access to hardware and all memory. The operating system switches application threads to privileged mode to access operating system services). This counter displays the average busy time as a percentage of the sample time.
  \Processor(_Total)\DPC Rate
 
  DPC Rate is the rate at which deferred procedure calls (DPCs) were added to the processor's DPC queues between the timer ticks of the processor clock. DPCs are interrupts that run at a lower priority than standard interrupts. Each processor has its own DPC queue. This counter measures the rate that DPCs were added to the queue, not the number of DPCs in the queue. This counter displays the last observed value only; it is not an average.
  \Processor(_Total)\DPCs Queued/sec
 
  DPCs Queued/sec is the average rate, in incidents per second, at which deferred procedure calls (DPCs) were added to the processor's DPC queue. DPCs are interrupts that run at a lower priority than standard interrupts. Each processor has its own DPC queue. This counter measures the rate that DPCs are added to the queue, not the number of DPCs in the queue. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.
  \Processor(_Total)\Interrupts/sec
 
  Interrupts/sec is the average rate, in incidents per second, at which the processor received and serviced hardware interrupts. It does not include deferred procedure calls (DPCs), which are counted separately. This value is an indirect indicator of the activity of devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication lines, network interface cards, and other peripheral devices. These devices normally interrupt the processor when they have completed a task or require attention. Normal thread execution is suspended. The system clock typically interrupts the processor every 10 milliseconds, creating a background of interrupt activity. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.
  System Server
  \Server\Bytes Total/sec
 
  The number of bytes the server has sent to and received from the network. This value provides an overall indication of how busy the server is.
  \Server\Errors Logon
 
  The number of failed logon attempts to the server. Can indicate whether password guessing programs are being used to crack the security on the server.
  \Server\Errors System
 
  The number of times an internal Server Error was detected. Unexpected errors usually indicate a problem with the Server.
  \Server\Files Open
 
  The number of files currently opened in the server. Indicates current server activity.
  \System\Context Switches/sec
 
  Context Switches/sec is the combined rate at which all processors on the computer are switched from one thread to another. Context switches occur when a running thread voluntarily relinquishes the processor, is preempted by a higher priority ready thread, or switches between user-mode and privileged (kernel) mode to use an Executive or subsystem service. It is the sum of Thread: Context Switches/sec for all threads running on all processors in the computer and is measured in numbers of switches. There are context switch counters on the System and Thread objects. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.
 
  Sustained Heavy Context Switches
 
  Sustained Moderate Context Switches
  \System\File Read Bytes/sec
 
  File Read Bytes/sec is the overall rate at which bytes are read to satisfy file system read requests to all devices on the computer, including reads from the file system cache. It is measured in number of bytes per second. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.
  \System\File Write Bytes/sec
 
  File Write Bytes/sec is the overall rate at which bytes are written to satisfy file system write requests to all devices on the computer, including writes to the file system cache. It is measured in number of bytes per second. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.
  \System\Processes
 
  Processes is the number of processes in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. Each process represents the running of a program.
  \System\Processor Queue Length
 
  Processor Queue Length is the number of threads in the processor queue. There is a single queue for processor time even on computers with multiple processors. Unlike the disk counters, this counter counts ready threads only, not threads that are running. A sustained processor queue of greater than two threads generally indicates processor congestion. This counter displays the last observed value only; it is not an average.
 
  Sustained Heavy Processor Queue Congestion
 
  Sustained Moderate Processor Queue
  \System\System Calls/sec
 
  System Calls/sec is the combined rate of calls to operating system service routines by all processes running on the computer. These routines perform all of the basic scheduling and synchronization of activities on the computer, and provide access to non-graphic devices, memory management, and name space management. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.
  \System\Threads
 
  Threads is the number of threads in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. A thread is the basic executable entity that can execute instructions in a processor.