Performance Logs And Alerts In Windows XP Pro (Part II)

Trace Logs are something of an extension of the Event Viewer, in that they essentially track everything that the system does, but only after a specific event has occurred, such as a page fault or disk I/O. These events are tracked for a specified period of time, and each triggered trace log is stored in a separate file or in a single FIFO (first in, first out) bucket, which will reduce disk space and trend analysis capabilities accordingly. Generating a new log file for each event allows for both quick and enhanced viewing: simply looking at the number of logs generated over a period of time for a page fault might alert you that there is either paging or disk problems on the horizon. Looking at the trace data itself (which must be parsed for viewing) can glean additional specific information about the system at the time which the fault occurred.

Alerts are similar to trace logs in that they perform one or more tasks based upon a specific event occurrence, however, they offer more flexibility in the types of events that are available, and also the tasks that can be performed. Just like Counter Logs, Alerts are counter-based, and are generated once a set threshold has been met.

Once this threshold (or event) has been met, the system has some pretty powerful capabilities. First, it can generate an event in the Event Viewer (discussed below). It can also send a network message to someone (usually an administrator), or run a program (any program actually) that will page or email someone with information. The true value in the Alerts option lies in the fact that once a threshold has been met, it has the ability to start a Counter Log that has already been saved and configured to handle further monitoring after the event has occurred.

As an example, let’s say that page faults are running high, and an alert has been created based upon your pre-existing knowledge of what the norm is, and what you would perceive to be ‘high’ based upon the specific system. Page faults can be due to disk problems or memory problems. Following the road toward the process of elimination, you can set up an alert to subsequently trigger a counter log that monitors both disk and memory performance. The result is that with little or no intervention from you, you can then view the counter log and determine where the offender is, and take the appropriate actions.

[tags]performance log, XP Pro, baseline, track object, queue[/tags]