How to Quickly Analyze your Windows Server 2008 Performance Monitor Logs

Ever have a performance problem, but don’t know what performance counters to collect or how to analyze them? The PAL (Performance Analysis of Logs) tool is a new and powerful tool that reads in a performance monitor counter log (any known format) and analyzes it using complex, but known thresholds (that are provided). The tool comes out-of-the-box with some predefined thresholds defined as high according to the Microsoft consulting/development but those can be adjusted to whatever you like.

The tool generates an HTML based report which graphically charts important performance counters and throws alerts when thresholds are exceeded. The thresholds are originally based on thresholds defined by the Microsoft product teams and members of Microsoft support, but continue to be expanded by this ongoing project. This tool is not a replacement of traditional performance analysis, but it automates the analysis of performance counter logs enough to save you time.

Features

  • Thresholds files for most of the major Microsoft products such as IIS, MOSS, SQL Server, BizTalk, Exchange, and Active Directory.
  • An easy to use GUI interface which makes creating batch files for the PAL.vbs script.
  • A GUI editor for creating or editing your own threshold files.
  • Creates an HTML based report for ease of copy/pasting into other applications.
  • Analyzes performance counter logs for thresholds using thresholds that change their criteria based on the computer’s role or hardware specs.

Usage
The PAL tool is primarily a VBScript that requires arguments/parameters passed to it in order to properly analyze performance monitor logs. In v1.1 and later of PAL, a GUI interface has been added to help with this process.
In order to use PAL you need to install the tool (see download links below), and 2 additional tools from Microsoft – Log Parser 2.2 and Microsoft Office Web Components 2003. Note that you need this download EVEN IF YOU’RE USING Office 2007!
After installing, you run PAL from the Start menu and begin your analysis. Needless to say you will need to first capture some logs in order to “feed” them to PAL…
In order to capture the right counters from your server you can either use the counters you are knowledgeable of, or, in case you forgot which counters you should use, open PAL, select the correct pre-configured threshold file, and click on Edit. You’ll see a list of pre-defined counters, which you can also manually edit if you wish to.
 
Now open Performance Monitor on the required server and navigate to Performance Logs and Alerts > Counter Logs.
Right-click Counter Logs and select New Log Settings. Give the new log a descriptive name, and then begin to add counters and objects as required. These counters will be captured on the server and used by PAL to analyze the system’s performance.
 
You also need to define the interval for the capture (do not use a 1 second interval unless you really have to, as it will have a negative performance effect on the server).
 
When done, start the new log.
 
As stated above, PAL comes with a set of some threshold templates for AD, System Overview, IIS, SQL, Exchange and so on. You point the app at the performance log you’ve captured, choose a threshold template that best suits your needs, answer some questions, add the form and execute.

Back in PAL, choose the right threshold file and answer the file’s specific questions on the bottom part of the window.
 
In step 3, select the right analysis interval. I used AUTO.
In step 4, click on the Add Form Settings to Batch File button. Now click Execute.
 
 
 
Once it completes it generates a webpage with the analysis information you desire. The webpage shows you alerts for activity that it finds suspect and graphs for the different areas of interest.
 
Looking at my results I can clearly see that my server is having some performance issues.
 
 
 
BTW, this capture was performed on a VM running with very modest hardware settings, so no wonder the results were so poor…

Requirements

Operating Systems – PAL runs successfully on all of the following operating systems: Windows XP SP2, Windows Vista, and Windows 2003 Server. Also, PAL is 32-bit only due to the OWC11 requirements.

Downloads

Use the following links to get PAL and the required additional files:
PAL v1.2 (current as of February 2008)Performance Analysis of Logs (PAL) Tool http://www.codeplex.com/PAL/Release/ProjectReleases.aspx?ReleaseId=10274
Log Parser 2.2
Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory. PAL uses the Log Parser tool to query perform logs and to create charts and graphs for the PAL report.http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&DisplayLang=en
Microsoft Office Web Components 2003Log Parser requires the Office Web Components 2003 in order to create charts. You need this download EVEN IF YOU’RE USING Office 2007!http://www.microsoft.com/downloads/details.aspx?FamilyID=7287252c-402e-4f72-97a5-e0fd290d4b76

Training:

Watch online at: http://www.livemeeting.com/cc/microsoft/view?id=JKGT3N

Further Reading

Performance Analysis of Logs (PAL) ToolBrad Rutkowski’s Blog : Hey Admins! Taking some of the pain out of analyzing perfmon captures.