Set up event subscriptions in Windows Server 2008

Set up an event subscription between two Windows Server 2008 systems

Open the Reliability and Performance Monitor console, right-click on Data Collector Sets > User Defined, and create a New > Data Collector Set. Name the Data Collector and choose to Create manually (Advanced).

After clicking Next, choose the types of data to collect. Select Create data logs, and Performance counter here.

In the next screen, click Add and select performance counters to monitor. At the top of the screen you can select counters from computers other than the local computer. For each computer you wish to monitor, enter the counters into the same Data Collector Set. So, for example, if you plan to monitor three counters on three machines, nine total elements will be added to the Data Collector Set.

Once you’ve added the counters, select a sufficiently long sample interval. Smaller intervals provide more granular data, but they take more resources to capture. With more remote computers being sampled, a longer sample interval is often necessary to prevent overloading the server collecting the samples. A good sample interval may be as long as ten minutes per sample, providing round-the-clock sampling with relatively little impact.

Choose where to save the data being collected – and name the sets clearly enough to avoid confusion later.

Finally, either choose to start the data collector set immediately or open it again to enter additional properties.
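
The same Data Collector Set can be created from the command line with logman. This is an added example, not part of the original article: the server names, set name and output path are placeholders, and it assumes the account the set runs under can read performance counters on the remote servers.

```powershell
# Added example: build one Data Collector Set that samples the same counters
# on several servers, using a ten-minute sample interval.
$Computers = 'SRV01', 'SRV02', 'SRV03'        # hypothetical server names
$SetName   = 'Server-Baseline'                # hypothetical set name
$Output    = 'C:\PerfLogs\Admin\Server-Baseline'   # assumed output location

# Whole-server counters recommended later in this article
# (written with the names Windows uses for them).
$Counters = @(
    '\Processor(_Total)\% Processor Time',
    '\System\Processor Queue Length',
    '\System\Context Switches/sec',
    '\Memory\Available MBytes',
    '\Memory\Pages/sec'
)

function Get-CounterPaths {
    param([string[]]$Computers, [string[]]$Counters)
    # One entry per computer per counter: 3 servers x 5 counters = 15 entries.
    foreach ($c in $Computers) {
        foreach ($p in $Counters) { "\\$c$p" }
    }
}

# logman reads the counter list from a text file, one path per line.
$counterFile = Join-Path $env:TEMP "$SetName-counters.txt"
Get-CounterPaths -Computers $Computers -Counters $Counters |
    Set-Content -Path $counterFile -Encoding ASCII

# -cf: counter file, -si: sample interval (hh:mm:ss), -f: log format, -o: output path
& logman.exe create counter $SetName -cf $counterFile -si '00:10:00' -f bin -o $Output
if ($LASTEXITCODE -ne 0) { throw "logman create failed with exit code $LASTEXITCODE" }

# Start collecting now; omit this line to adjust properties in the console first.
& logman.exe start $SetName
if ($LASTEXITCODE -ne 0) { throw "logman start failed with exit code $LASTEXITCODE" }
```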

Monitor multiple machines with one Data Collector Set
1. From within the Event Log on your management server, click on the Subscriptions node. A window will appear that asks if you want to enable the Windows Event Collector Service. Click Yes to start the service and configure it to automatically start with the computer. This enables the management server to collect events from other computers.

2. Next, from a command prompt on both the management server and any other Windows servers you wish to collect events from, enter the command winrm quickconfig. This enables the Windows Remote Management service, sets its initial network configuration, and prepares it for use by the Event Log.

3. Computers that will be sending events to each other must have the proper authentication in place first. Do this by adding the computer account for your management server to the Administrators group on all Windows servers you wish to collect events from. This may require a reboot. Finally, back on your management server, right-click the Subscriptions node and choose Create Subscription. In the dialog that opens, enter the information that scopes the type of data you want to collect, how the data will be transferred, and any advanced settings that relate to the speed at which events are transferred.

So, what counters should I monitor?
With many hundreds of performance counters available, one of the biggest headaches in setting them up can be simply determining which counters are useful. Distilling the available counters down to just those that will help you with the troubleshooting process can be challenging, but in actual fact only a few of the available counters are truly necessary for monitoring entire-server performance. There are other counters that you’ll find useful when these entire-server counters alert you to problems that may be occurring on the server, but you don’t need to run them all of the time.

Consider these few as a good starting point for monitoring on all of your Windows servers:

Processor \ % Processor Time.
This counter is the overall measurement of when a Windows server is actively processing useful work. It measures when the processor is doing something other than the System Idle Process. When this counter is high, the processor is actively processing useful work and you have efficient utilisation; it’s only a concern if users complain of poor server performance that corresponds with periods of high processor use. However, when this counter spikes to 100% – or 50% in a dual-processor system – it can mean that one process is consuming an entire processor’s resources and needs attention.

System \ Processor Queue Length.
This counter shows how many instructions are currently “in line” for attention by the processor. When this counter goes much above zero, it is often an indication that the processor cannot keep up with the workload you are asking it to perform. A high count here can indicate that you need either a faster processor or fewer services running on the server.

System \ Context Switches / Sec.
A context switch occurs when a processor “switches” between which waiting instructions it is processing. As processors are only able to process a single instruction at a time, context switches give the illusion of multitasking. High levels of context switches are problematic, because of the resource overhead involved with swapping out what the processor is working on. In situations where too many actions are being required out of the processor at the same time, this can be a very high number. Typically, you’ll see very high figures with very old applications or on Terminal Servers where many users are running many processes at once.

Memory \ Available MBytes and Memory \ Pages / Sec.
These counters are useful for determining memory use on the server. When a server processes its workload, it loads elements into memory for processing. When that memory begins to fill up, pages are swapped out of RAM to the disk. Since the disk subsystem is significantly slower than solid-state RAM, swapping usually involves a reduction in overall performance. Thus, the count of Available MBytes should be a number greater than zero, while the count for Pages / Sec should be a relatively low number.

When these counters are in those ranges, this means that the server has the correct amount of RAM assigned to it, and it isn’t requiring more memory than available physical RAM. In virtualisation environments where memory can be dynamically assigned to servers, it is often a best practice to manage the count for Available MBytes to be relatively close to zero as well. This means that the exact amount of memory required to perform that server’s workload has been assigned to the server, while none is wasted and sitting idle.

You can usefully add other counters for the disk subsystem and networking as necessary. For servers with large amounts of data storage and retrieval, the disk subsystem can often be a significant bottleneck. In environments that do not use gigabit networking, it is possible for the network to be a bottleneck to performance as well. Keep an eye on these to spot problems, so you can have solutions to suggest when customers want to improve performance.


Key Windows Server Resources

Remote Desktop Enable Utility
You can enable Remote Desktop remotely by changing a registry key on each machine, or using this utility.

Concentrated Technology | PowerShell
Find plenty of information on PowerShell, how it works for remote administration, as well as links to available books and other learning materials. index.php/category/powershell/
