logs

  • Question

  • Hi, we want to collect logs of a server through any Windows OS when CPU reaches above 90%, RAM reaches above 90%, or HDD data is 90% full.
    How do we get that? Please guide.
    • Moved by EntegyMVP Thursday, January 15, 2015 2:44 AM Wrong forum
    Wednesday, January 14, 2015 3:49 AM

Answers

  • Process Explorer is a great utility as it will show you a high level overview of what's gobbling up your RAM and CPU.

    I would recommend either Perfmon or Event Tracing for Windows (ETW)/Event Tracing Log (ETL), especially to troubleshoot this further.

    • Perfmon counters are good for long term monitoring, something that happens once every few weeks or days.

    • For short-term magnifying-glass inspection, use Windows Performance Recorder, a flagship recording tool written by and for the Windows product team.  If I'm not mistaken, it's part of the Windows Performance Toolkit, a suite of tools (WPR, WPA and xperf), which ships with Windows Assessment and Deployment Toolkit (ADK) and Windows Software Development Kit (SDK).


      I would use the following configuration as it will give you the call stack of every thread on the system, which is what you'll need for troubleshooting this further.

      Logging mode will write to nonpaged kernel pool memory.  The more memory available, the larger the RAM buffer.  WPR writes constant data to the buffer then loops, overwriting when full.  This continues until you generate your ETL file.  WPR does not allow you to change the buffer size; it's based on the amount of RAM on the system, like 10%.  For every 100MB of buffer you'll get about 1 minute of data - so figure something around 10-15 minutes of data.

    • Proposed as answer by FangZhou Chen Tuesday, January 27, 2015 2:36 AM
    • Marked as answer by FangZhou Chen Wednesday, January 28, 2015 1:47 AM
    Wednesday, January 21, 2015 12:49 PM
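
The threshold logging asked for in this thread, as an added example that is not part of the original posts: a PowerShell loop that samples the same performance counters Perfmon reads and, whenever CPU, physical RAM or a fixed disk exceeds 90%, appends a CSV row naming the top processes at that moment. The log path, interval and top-5 cut-off are assumptions, and the counter paths assume an English-language Windows installation.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0 or later.
# Assumed values: 90% threshold, 15 s interval, log path, top-5 process list.
$Threshold = 90
$IntervalS = 15
$LogFile   = 'C:\PerfLogs\threshold-events.csv'   # hypothetical path
$Cores     = [Environment]::ProcessorCount

function Get-Breach {
    # Returns one object per resource currently above $Threshold percent.
    $cpu = (Get-Counter '\Processor(_Total)\% Processor Time').CounterSamples[0].CookedValue
    if ($cpu -gt $Threshold) {
        [pscustomobject]@{ Resource = 'CPU'; Instance = '_Total'; Percent = [math]::Round($cpu, 1) }
    }
    $os  = Get-CimInstance Win32_OperatingSystem          # both values are in KB
    $ram = 100 * (1 - $os.FreePhysicalMemory / $os.TotalVisibleMemorySize)
    if ($ram -gt $Threshold) {
        [pscustomobject]@{ Resource = 'RAM'; Instance = 'Physical'; Percent = [math]::Round($ram, 1) }
    }
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' | Where-Object { $_.Size -gt 0 } | ForEach-Object {
        $used = 100 * (1 - $_.FreeSpace / $_.Size)
        if ($used -gt $Threshold) {
            [pscustomobject]@{ Resource = 'Disk'; Instance = $_.DeviceID; Percent = [math]::Round($used, 1) }
        }
    }
}

function Get-TopProcess {
    # '\Process(*)\% Processor Time' is scaled per core, so divide by the core count.
    $cpu = (Get-Counter '\Process(*)\% Processor Time' -ErrorAction SilentlyContinue).CounterSamples |
        Where-Object { $_.InstanceName -notin '_total', 'idle' } |
        Sort-Object CookedValue -Descending | Select-Object -First 5 |
        ForEach-Object { '{0}={1:N1}%' -f $_.InstanceName, ($_.CookedValue / $Cores) }
    $ram = Get-Process | Sort-Object WorkingSet64 -Descending | Select-Object -First 5 |
        ForEach-Object { '{0}={1:N0}MB' -f $_.ProcessName, ($_.WorkingSet64 / 1MB) }
    [pscustomobject]@{ Cpu = $cpu -join '; '; Ram = $ram -join '; ' }
}

while ($true) {
    $breaches = @(Get-Breach)
    if ($breaches.Count -gt 0) {
        $top = Get-TopProcess
        $now = Get-Date -Format s
        $breaches | Select-Object @{ n = 'Time'; e = { $now } }, Resource, Instance, Percent,
            @{ n = 'TopCpu'; e = { $top.Cpu } }, @{ n = 'TopRam'; e = { $top.Ram } } |
            Export-Csv -Path $LogFile -Append -NoTypeInformation
    }
    Start-Sleep -Seconds $IntervalS
}
```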

All replies

  • Hi,

    We need more detailed information to help you analyze your issue.

    What's the meaning of "we want to collect logs of server through any windows O.S."? Which log? Did you mean remotely connecting to the server from a Windows client? Which server did you use?


    Karen Hu
    TechNet Community Support

    Friday, January 16, 2015 6:35 AM
  • If CPU utilization or memory utilization is more than 90%, or hard disk space is more than 90% full, we should get logs of it.

    Any type of log, or how can we get this?

    Saturday, January 17, 2015 8:14 AM
  • Hi,

    We need to use Process Explorer to narrow down the culprit.

    Process Explorer v16.02

    http://technet.microsoft.com/en-in/sysinternals/bb896653.aspx

    In addition, we could perform a Clean install to test if it could be caused by third-party software or a service.

    How to perform a clean boot in Windows

    http://support.microsoft.com/kb/929135/en-us


    Karen Hu
    TechNet Community Support

    • Edited by Karen Hu Monday, January 19, 2015 9:31 AM update
    Monday, January 19, 2015 9:30 AM
  • But I want logs of when, and due to which service, CPU reaches above 90%, RAM reaches above 90%, or hard disk space reaches above 90%.

    How can we get this?

    Wednesday, January 21, 2015 10:35 AM