Go Perfmon-windows self-brought system monitoring tool

Source: Internet
Author: User

The following is transferred from: http://blog.csdn.net/oscar999/article/details/7918385

---------------------------Split Line--------------------------------------

First, brief

can be used to monitor CPU usage, memory usage, hard disk read and write speed, network speed, and so on.

Perfmon provides a chart-based system performance real-time monitor, performance logs, and alert management, which can be defined as binary files, text files, SQL Server table records, and so on, making it easy to perform performance analysis using third-party tools.

The Perfmon.exe file is located in the C:\Windows\System32 directory. How to use:

1) Start-run, enter Perfmon and return to open Perfmon.exe.

2) In the left pane of Perfmon.exe, click System Monitor (if unchecked).

3) In the right pane, right-click, and then click Add Counters.

4) In the Performance Object column table, select the counter category for which you want to display graphics in PerfMon.exe, and click Add.

Second, the commonly used performance indicators

The overall performance of the system is determined by a number of factors, such as CPU utilization, CPU queue length, disk space and I/O, memory usage, network traffic, and so on. For the system with high real-time requirement, the effective monitoring and management of system key indicators is an important means to ensure the high availability of the system, therefore, it is necessary to develop a clear and effective strategy planning, and to effectively monitor these performance indicators in real time. When the key performance indicators are seriously deviated or the system fails, effective means should be taken to accurately locate the cause of the problem and improve the usability of the system by optimizing the system configuration or improving the application.

(i) Monitoring objects in Perfmon

Perfmon provides a comprehensive set of system performance metrics, as well as the ability to tailor log content to the requirements of performance management, and to develop alert measures when key metrics deviate. Table I lists performance objects that can be monitored by perfmon, with multiple performance indicator counters under each performance object item.

Table I: Performance object description

Performance object

The information provided

Browser

Browser performance object consists of counters that measure notifications, enumerations, and other browser transfer rates

Cache

The cache performance object includes a portion of memory that oversees the file system cache, which stores the most recently used data in physical memory for as long as possible to access the data without having to read it from disk. ) of the counter. Because the application only uses caching, the cache can be used as an indicator of application I/O operations. When there is enough memory, the cache can grow, but when memory is low, the cache becomes too small to be used.

Distributed Transaction Coordinator

Microsoft Distributed Transaction Coordinator performance counters

Icmp

The ICMP performance object includes counters that measure the speed at which messages are sent and received with the ICMP protocol. It also includes counters that monitor ICMP protocol errors.

Ip

The IP performance object includes a counter that measures the speed of IP datagrams sent and received using the IP protocol. It also contains a watchdog IP protocol error counter.

Job Object

A report of the account and processor usage data that is collected by the job object named by each activity.

Job Object Detail

The Job Object Detail displays detailed operational information about the activity processing in the job objects.

Logical Disk

Logical Disk performance object contains counters that monitor the logical partitioning of a hard disk or a fixed disk drive. Performance Monitor uses the drive letter of the logical disk (for example: C) to identify the logical disk.

Memory

Memory performance object consists of counters that describe the behavior of physical and virtual memory on a computer. Physical memory refers to the number of random access memory on a computer. Virtual memory consists of physical memory and space on disk. Many Memory counters monitor page scheduling (refers to the movement of Code and data pages for disk and physical memory). Excessive page scheduling (a performance of out-of-memory) can cause delays that can affect the overall system processing efficiency.

NBT Connection

NBT Connection Performance object includes a counter that measures the rate at which bytes are sent and received between a local computer and a remote computer with NBT connections. The connection is identified by the name of the remote computer.

Network Interface

The network Interface performance object includes a counter that measures the rate at which bytes and packets are sent and received over a TCP/IP network connection. It includes counters that monitor connection errors.

Objects

The object performance object contains counters that supervise logical objects in the system, such as: processing, threading, multi-user terminal execution programs, and semaphores. This information can be used to detect unnecessary consumption of computer resources. Each object requires memory to store basic information about the object.

Paging File

Paging file performance object includes counters that oversee paging files on the computer. A paging file is a disk space that is reserved for the backup of physical memory on the computer.

Physical Disk

Physical Disk performance object contains counters that monitor hard disks or fixed disk drives on your computer. Disks are used to store files, programs, and paging data and retrieve them by reading and making changes to them through record writes. The value of the physical disk counter is the sum of the values of the logical disk (divided by the disk).

Print Queue

Displays an operation statistic for a print queue.

Process

The Process performance object contains counters that monitor running applications and system processing. All threads in one process share the same address space and can access the same data.

Processor

The Processor performance object contains counters that measure processor activity. The processor is the part of the computer for arithmetic and logical computation, the start of the attachment, and the running of the processing thread. A single computer can have more than one processor. Processor objects use each processor as an example of an object.

Processor Performance

Processor information

Psched Pipe

Number of pipeline statistics in the Packet Scheduler

RAS Port

The RAS Port performance object includes counters that oversee each remote access service port on the RAS device on the computer.

RAS Total

The RAS total performance object contains a counter that adds the values of all the ports on the Remote Access Service (RAS) device on the computer.

Redirector

Redirector performance object includes counters that supervise network connections on the local computer.

Rsvp

RSVP Service performance counters.

System

The System performance object contains counters that apply to more than one component processor instance on the computer.

Tcp

The TCP performance object contains a counter variable that measures the TCP Segment rate that is sent and received using the TCP protocol. It contains counter variables that oversee the number of TCP connections in each TCP connection state.

Telephony

Telephone service System

Terminal Services

Terminal Services information.

Terminal Services Session

Each Terminal Services session resource is supervised.

Thread

The thread performance object includes counters that measure the behavior of threads. A thread is a basic object that executes instructions on a single processor. All running processes have at least one thread.

Udp

The UDP performance object contains counters that measure the rate at which UDP datagrams are sent and received using the UDP protocol. It includes counters that monitor UDP protocol errors.

WMI Objects

WMI Performance provider returned by WMI adapter

(ii) commonly used perfmon monitoring objects and indicators

The performance objects listed above have a total of hundreds of performance indicators, we are concerned about the performance of a system, it is not possible to pay attention to so many indicators, some objects to the actual application system has little impact. But for a Windows operating system, key objects such as CPUs, Memmory, disk, and network are essential for performance monitoring. Table II lists important indicators of the most commonly used performance objects.

Table II: Commonly used performance objects and indicators

Performance object

Counter

The information provided

Processor

% Idle Time

% Idle time is the percentage of the processor that is idle during the sampling period

Processor

% Processor Time

% Processor time refers to the percentage that the processor uses to perform non-idle threads. The calculation is to measure the time at which non-idle threads are active during the sample interval, subtracting the value with the sample interval. This counter is the primary specifier for processor activity, showing the average percentage of busy times observed during the sample interval.

Processor

% User Time

% User Time refers to the percentage of the processor in user mode. User mode is a limited processing mode designed for applications, environment sub-systems, and integer sub-systems.

Memory

Available Bytes

Available bytes shows the total amount of physical memory currently idle. When this value becomes an hour, Windows starts to call the disk paging file frequently. If the value is small, for example less than 5 MB, the system will spend most of the time on the action page file.

Memory

% Committed Bytes in use

% Committed Bytes In use is the ratio between memory:committed Bytes and Memory:commit limit. (Committed memory refers to the amount of physical RAM in use that has been reserved for space in the paging file if it needs to be written to disk.) The Commit limit is determined by the size of the paging file. If the paging file is enlarged, the scale will decrease). This counter displays only the current percentage, not an average.

Memory

Page faults/sec

Page faults/sec refers to the overall rate at which the processor handles error pages. Count the number of pages/s in error. A page fault that occurs when the processor requests code or data that is not in its working set (space in physical memory). This counter includes hard errors (those that require disk access) and soft errors (error pages found elsewhere in physical memory). Many processors can continue to operate in the event of a large number of soft errors. However, a hard error can lead to noticeable delays. This counter shows the difference between the values observed in the last two instances divided by the duration of the instance interval.

Network Interface

Bytes total/sec

The Bytes total/sec is the rate at which bytes are sent and received, including frame characters.

Network Interface

Packets/sec

Packets/sec the rate at which packets are sent and received.

Physical Disk

% Busy Time

% Busy time refers to the percentage of times that a disk drive is busy servicing a read or write request.

Physical Disk

Avg. Disk Queue Length

AVG. Disk Queue Length refers to the average number of read and write requests (queued in the instance interval for the selected disk).

Physical Disk

Current Disk Queue Length

Current disk Queue length refers to the number of requests that have not been completed on disk when the operation data is collected. It includes requests that are being serviced in the snapshot memory when they are being served. This is an average of an immediate length rather than a certain interval of time. Multi-spindle disk devices can have multiple request operations at one time, but other simultaneous requests are waiting services. This counter may reflect a temporary high or low queue length, but if there is a sustained load on the disk drive, the value may always be high. The request wait time is proportional to the length of the queue minus the spindle on the disk. This difference should be less than 2 in order to maintain good performance.

Logical

Disk

% Free Space

The% free space is the percentage of the total free available on the selected logical disk drive.

Logical

Disk

Free Megabytes

The available MB displays the space that has not been allocated on the disk drive.

(iii) Perfmon monitoring of the process indicators

In general, one or more applications are installed on the server, and these applications often manifest as several application processes during operation. In order to monitor the operation of the application, the monitoring program of the application system is generally used in the process of programming. Perfmon also set up the process monitoring commonly used indicators, these indicators are more intuitive to reflect the status of the process, is the application system monitoring or application system tracking tuning basis. Table III lists the main indicators of process monitoring.

Table III: Key Indicators of the process object

Performance object

Counter

The information provided

Process

% Privileged Time

The% Privileged time is the percentage of hours spent in privileged mode to process thread execution code. When Windows system Services is invoked, this service often runs in privileged mode to gain access to system-specific data. Threads that are executing in user mode cannot access this data. Calls to the system can be either direct (explicit) or indirect (implicit), such as page faults or intervals.

Process

% Processor Time

% Processor Time is the percentage of the process threads that are spent using the processor to execute instructions. An instruction is a basic unit of computer execution. A thread is an object that executes instructions, and a process is an object that is created when the program is run. This count includes code that is executed to handle some hardware intervals and trap conditions.

Process

% User Time

% User Time refers to the percentage of times that processing threads are used to execute code that uses user mode. Applications, environment sub-systems, and aggregation systems are performed in user mode. Windows ' executable programs, kernels, and device drivers are not corrupted by code that executes in user mode.

Process

Creating Process ID Value

Creating process ID value refers to the process number that was created by the parent.

Process

Elapsed time

The total time, in seconds, that the process is running.

Process

Handle Count

The total number of handles opened by this processing now. This number equals the total number of handles currently open by each thread in this process.

Process

ID Process

The ID process refers to the special identifier for this processing. ID process numbers can be reused, so these ID process numbers can only identify that processing during the lifetime of a process.

Process

IO Data bytes/sec

Handles the speed of reading/writing bytes from an I/O operation. This counter is a count of all activity generated by this processing, including file, network, and device I/O.

Process

IO Data operations/sec

Rate of read/write I/O operations for this processing. This counter is a count of all activity generated by this processing, including file, network, and device I/O.

Process

IO other Bytes/sec

The rate of bytes processed for I/O operations (such as control operations) that do not include data. This counter is a count of all activity generated by this processing, including file, network, and device I/O.

Process

IO other Operations/sec

Rate of non-read/write I/O operations for this processing. For example, control performance. This counter is a count of all activity generated by this processing, including file, network, and device I/O.

Process

IO Read bytes/sec

Handles the speed at which bytes are read from an I/O operation. This counter is a count of all activity generated by this processing, including file, network, and device I/O.

Process

IO Read operations/sec

Rate of Read I/O operations for this processing. This counter is a count of all activity generated by this processing, including file, network, and device I/O.

Process

IO Write bytes/sec

Handles the speed of writing bytes from an I/O operation. This counter is for all files, networks, and devices that are generated by this process.

Process

IO Write operations/sec

The rate at which this processing writes I/O operations. This counter is a count of all activity generated by this processing, including file, network, and device I/O.

Process

Page faults/sec

Page faults/sec refers to the speed at which pages errors occur as a result of thread execution in this process. Page Fault appears when a thread references a virtual memory sheet that is not in the main memory working set. If it is in the standby table (that is, already in main memory) or another shared page is being used, it causes the page to be fetched from disk.

Process

Page File Bytes

Page File Bytes refers to the maximum number of bytes that this processing uses in Paging File. The Paging file is used to store pages of memory that are not contained in other files that are used by processing. Paging file is shared by all processing, and Paging file space is insufficient to prevent other processing from allocating memory.

Process

Page File Bytes Peak

Page File Bytes Peak refers to the maximum number of bytes that this process uses in Paging files.

Process

Pool nonpaged Bytes

Pool Nonpaged Bytes refers to the number of bytes in the nonpaged pool, which is an area of system memory (the physical memory used by the operating system) that is available to an object (that is, those objects that cannot be written to disk without being used and that must be retained in physical memory as long as they have been dispatched). This counter displays only the value of the last observation, not an average.

Process

Pool Paged Bytes

Pool Paged Bytes refers to the number of bytes in the paged pool, which is an area of system memory (the physical memory used by the operating system) that can be used by objects (which can be written to disk when they are not in use). This counter displays only the value of the last observation, not an average.

Process

Priority Base

Current basic priority of this process. A thread in a process can raise or lower its own base priority based on the basic priority of processing.

Process

Private Bytes

Private Bytes refers to the current number of allocated bytes that this processing cannot share with other processing.

Process

Thread Count

The number of threads that are active in this process. An instruction is a basic unit of execution in a processor, and a thread is the object that executes the instruction. Each run process has at least one thread.

Process

Virtual Bytes

Virtual Bytes refers to the current size, in bytes, of the virtual address space used for processing. The use of virtual address space does not necessarily refer to the corresponding use of disk or main memory pages. Virtual space is limited and may limit the ability to handle loading a database.

Process

Virtual Bytes Peak

Virtual Bytes Peak refers to the maximum number of virtual address space bytes that the processing uses at any time.

Process

Working Set

Working set refers to the current number of bytes in this processed working set. Working set is the memory page set that was recently touched by the thread in the process. If the available memory on the computer is above the threshold, even if the page is not in use, it will remain in a processed working set. When the available memory drops below the threshold, the page is removed from the working set. If a page is needed, it will be soft-faulted back to working Set before leaving main memory.

Process

Working Set Peak

Working Set peak refers to the maximum number of bytes in the working set that is processed at any time.

Second, one of the perfmon features-performance Monitor

In Windows, Performance Monitor is implemented in the form of an administrative console (MMC) unit. In Windows Start-and-run box, enter Perfmon.msc to start Windows Performance Monitor, and you can see an interface similar to figure one. Performance Monitor is primarily used for real-time monitoring of specified system performance metrics, but these performance metrics records cannot be saved. If you want to save these performance logs, you can use the Counter log feature described later. Another feature of Performance Monitor is a non-real-time graphical representation of the log records generated by the counter logs. Stare at Performance Monitor to specify the monitored performance metrics item through the view current activity or when looking at log data feature item. In general, due to the limited display window size of the performance monitor, it is not appropriate to specify too many real-time monitoring items, otherwise the display in the window is difficult to highlight the items that need to be monitored. We can develop different real-time monitoring schemes according to different monitoring targets, each of which can be saved as a msmanagement Console (MSC) file.

Third, the Perfmon function of two--counter log

As mentioned in the previous function of System Monitor, System Monitor is mainly used for real-time monitoring of important performance indicators, it can not save the monitored performance Index history data. If you need to continuously sample the performance metrics of the system, you must use the Peofmon counter log function. The counter log records the specified system performance data in the log file, which can be viewed or processed with the other tools, which is useful for analyzing the health of the system for a certain period of time, or for performing management by third-party performance management tools.

To illustrate how to use counter logs, we will create a new log session. In the expansion console, under the Performance Logs and Alerts node, you can see the "Counter Log" node, right-click on the "Counter Log" node, select "New Log Settings", specify the name of the log settings, click "OK", the dialog box appears in Figure two, Here you set the counters to be recorded in the log (that is, the performance metrics that need to be recorded). Click the "Add Object" button to add all the counters of a monitoring object to the log record, or click the "Add Counters" button to add a single counter. The default save path for log files is the C:\perflogs directory, which can be modified under the log files item as needed when set. The format saved by the log file can be set to a text file, a binary file, and a SQL database record. Under the schedule item, you can set the start and close time schedule for the performance log, or you can set the specified action after the log is closed. We can develop different performance log schemes according to different monitoring requirements, each of which can be saved as an HTML file.

Third, the Perfmon function three--tracking log

The trace log feature of Perfmon can provide a trace of some important system events, or you can specify a trace for a particular application. The trace log is saved as a binary file (the default extension is. etl), and you can use TRACERPT to parse the log and generate a dump file in CSV format. This feature does not currently provide an intuitive configuration method to customize the tracking of specific applications, which must be achieved by editing the system's registry. This function is mainly used in the process of program debugging and fault analysis. Figure three is a custom tracking Log dialog box, under its "log file", "plan" item can set the log file storage path, file size limit, log start and stop plans and other items.

Iv. Perfmon four--alarms

The alerting function for Perfmon is to perform certain actions when a counter's performance data reaches the specified value, such as sending an email, sending a message with the NetSend command, or running the specified program. You can also specify that when an alert occurs, an event that is treated as a system is logged in the System event log, which makes it easy to use the Event Viewer to access the contents of the alert. Alarm indicator settings for alarms are the same as those for performance counters, and we can develop different alert strategies for different applications. Figure IV is an example of a custom dialog box that triggers an alert when the CPU's idletime is below 70%. In the Actions and | Schedule item, you can configure the specified action at the time of the alert, the start and stop action of the alarm setting, and so on.

V. The method of the Perfmon deployment

Performance monitoring of Windows systems requires high user rights, the default executable permissions for Perfmon are administrator users, and from system security considerations, administrators are not recommended as a daily monitoring user. Windows2000 Server provides a performance management user group that can establish a regular user of a system when it implements performance monitoring for that group.

Windows provides two deployment modes for Perfmon: local monitoring and remote monitoring. The default save path for log files generated by local monitoring is the C:\perflogs directory, which can be modified under "log files" as needed when set. The log files generated by local monitoring, in addition to the native Performance Monitor can be observed, can also be exported to the third-party monitoring and analysis platform. Remote Kamimachi monitoring can realize centralized sampling and monitoring of multiple monitoring targets in LAN, which is the premise that the trust relationship must be established between the monitoring host and the target host, and the corresponding remote access control is opened. Remote monitoring is difficult to monitor in an environment where access control is more stringent. Deployment of Permon should also consider the storage of log files, if you want to collect performance data for a long time, it is best to adjust the sampling interval, if the sampling interval is set too small, the log file will quickly increase.

There are two ways to manage Perfmon: console management and command line management. You can run Perfmon.msc to bring up the performance management console and develop and manage the console based on the monitoring policy. Another way to manage Perfmon is the command-line approach, which Windows provides a command ――logman that is designed to manage performance monitoring, not only to start and stop log sessions on the command line, but also to create new log sessions from the command line. For the use of the logman command, refer to the logman command guide.

There is another command to easily capture system performance data, but only to get the data, do not generate alarm and logging action. This approach is often used when using third-party software to monitor the performance of Windows systems. Windows provides a command to display the current performance metrics----typeperf. Use Typeperf to get all the indicator values of the previously mentioned perfmon. The standard output of the typeperf is a screen display, which we can output to a text file through the output redefinition and pass the resulting file to a third-party system. In this application, the action of Typeperf is managed by the third-party software as needed, or it can be started by scheduled tasks. For the use of the Typeperf command, refer to the Typeperf command guide.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.