Exercise 3: Windows Server Monitoring Tools
Overview
In this exercise, you use a virtual machine from the lab environment, ADDSVM1, to carry out several monitoring tasks by walking through different server monitoring tools.
Time Estimate
20 minutes
Task 1: Working with the Windows Event Log
In this task, you will examine events in the Windows Event Log and then create a custom view over a subset of the logs that you will define.
1. From Server Manager, select Tools in the upper right menu. From the list of options, select Event Viewer. (Another approach is to type “event viewer” in the Start Menu.)
2. Browse through the different logging sections in the left part of the console window, where it says Windows Logs, Applications and Services Logs,…
3. Select Windows Logs, and select Application. This opens the Application Log in the middle section. Scroll through the list of logged events, and notice for each event several details are listed:
– Level (Information, Warning, Error)
– Date & Time
– Source
– Event ID
– Task Category
4. Also note that for each event selected in the Application Event Log, a details pane at the bottom of the window shows a fuller description of the event.
5. Notice the Action Section at the right of the Event Viewer window. Click on Filter Current Log…
6. From the Filter selection window, mark the Critical and Warning Event Level options.
7. Press OK to confirm your filter selection.
8. Note the long list of Application Event logs has now changed to a much shorter list, only showing warning and/or critical event log messages.
Note: the output of events might be different on your specific system.
9. From the Action section, this time, select “Save filter to custom view…”.
10. Complete the Custom View settings popup with the following information:
– Name: All Warnings
– Description: Filtered view of all warnings
11. Press OK to confirm the settings and create the custom view.
12. From the left-hand menu, notice the Custom View section, where the All Warnings filtered view is saved and can be used.
Note: event filtering can also be applied to several other event properties, such as Event ID, Event sources, Keywords and the like.
13. Close Event Viewer.
In this task, you examined events in the Windows Event Log and then created a custom view over a subset of the logs that you defined.
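The filter built in this task can also be run from PowerShell. The script below is an added example, not part of the original lab: it expresses the Critical and Warning filter on the Application log as an event query and summarizes the result. The sample size of 200 events is an assumption.

```powershell
# Added example: the "All Warnings" custom view expressed as an event query.
# Level 1 = Critical and Level 3 = Warning, the two boxes marked in the filter dialog.
$query = [xml]@'
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=1 or Level=3)]]</Select>
  </Query>
</QueryList>
'@

try {
    # 200 is an arbitrary sample size (assumption) that keeps the run short.
    $events = @(Get-WinEvent -FilterXml $query -MaxEvents 200 -ErrorAction Stop)
}
catch {
    # Get-WinEvent reports an error, not an empty result, when nothing matches.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}

# Same columns as the Event Viewer list: Level, Date & Time, Source, Event ID, Task Category.
$events |
    Select-Object -First 10 LevelDisplayName, TimeCreated, ProviderName, Id, TaskDisplayName |
    Format-Table -AutoSize

# Which source / event ID pairs occur most often, and when each last fired.
# Get-WinEvent returns newest events first, so Group[0] is the latest occurrence.
$events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name,
        @{ Name = 'Latest'; Expression = { $_.Group[0].TimeCreated } } |
    Format-Table -AutoSize
```

Adding conditions inside the Select expression, for example on EventID or the provider name, corresponds to the other filter fields mentioned in the note above.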
Task 2: Monitoring and Managing Processes using Task Manager and Resource Monitor
In this task, you will use the Windows Task Manager and Resource Monitor to investigate active processes in real-time.
1. From the Server’s Start Menu, look for Task Manager. (Another option is right-clicking on the Windows Toolbar and selecting Task Manager).
2. When Task Manager opens, click on More Details. This opens the more detailed view of the application, showing a detailed list of active running processes.
3. From the list of running processes, look for Spooler SubSystem App. Click on the “>” to show more details about the Windows Service related to this process.
4. Right-click the process, which opens a context menu. From here, click End task. This will abruptly stop the process. Although it is recommended to always try to stop a running process from the Services option first to allow for a graceful stop, “End task” is a possible way of forcibly stopping a hanging process or a process that is consuming a lot of CPU and/or memory.
5. From the Task Manager Window, select the Performance tab. Notice the CPU, Memory and Network bandwidth statistics.
6. From the bottom of the Performance window, click on Open Resource Monitor.
7. This opens Resource Monitor, showing a combination of graphical and numeric statistics of running processes, as well as details on the running processes themselves.
8. Browse through the different tabs (Overview, CPU, Memory, Disk, Network) to become familiar with the output and how you can use it when troubleshooting your system.
9. Close Resource Monitor.
10. Close Task Manager.
In this task, you used the Windows Task Manager and Resource Monitor to investigate active processes in real-time.
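The difference between a graceful stop through Services and “End task”, described in step 4, looks like this in PowerShell. This is an added example, not part of the original lab; it assumes an elevated session, and the 15-second grace period is an arbitrary choice.

```powershell
# Added example: try a graceful service stop first, force-end the process only if that fails.
$name    = 'Spooler'                       # service behind "Spooler SubSystem App"
$timeout = [TimeSpan]::FromSeconds(15)     # assumed grace period

$svc = Get-Service -Name $name -ErrorAction Stop

# Win32_Service exposes the PID of the process hosting the service (0 when stopped).
$procId = (Get-CimInstance Win32_Service -Filter "Name='$name'").ProcessId

if ($svc.Status -eq 'Stopped') {
    "$name is already stopped."
    return
}

try {
    # Graceful path: ask the Service Control Manager to stop the service.
    # Stop() returns immediately; WaitForStatus throws if the timeout expires.
    $svc.Stop()
    $svc.WaitForStatus('Stopped', $timeout)
}
catch {
    Write-Warning "Graceful stop did not complete: $($_.Exception.Message)"
}

$svc.Refresh()
if ($svc.Status -eq 'Stopped') {
    "$name stopped gracefully."
}
elseif ($procId -gt 0) {
    # Forced path: the scripted equivalent of End task in Task Manager.
    Write-Warning "Forcing process $procId to end."
    Stop-Process -Id $procId -Force
}

# Show the final state; a configured recovery action may restart the service.
Start-Sleep -Seconds 2
Get-Service -Name $name | Select-Object Name, Status, StartType
```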
Task 3: Monitoring Windows Server Performance using Performance Monitor
In this task, you will use the Windows Performance Monitor to monitor various aspects of system performance.
1. From the Windows Start Menu, type “Performance Monitor” and open the application.
2. From the menu bar, click the green + sign, which opens the add counters window.
3. Browse through the list of available counters, noting that they are available for both applications and system components. Scroll down to the Memory section. Highlight the Memory section, which selects all counters for this category.
4. Press the Add>> button below, to add all Memory counters to the graphical window.
5. Notice all counters have been added to the graphical window below, giving each counter a specific and different color.
6. Wait a few seconds for the graph to load the different counters, and see the different lines drawn on the graph.
7. Close Performance Monitor.
In this task, you used the Windows Performance Monitor to monitor various aspects of system performance.
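The same Memory counters can be sampled without the graphical console. The script below is an added example, not part of the original lab; the sample interval and sample count are assumptions, and the counter set name Memory is the one shown on an English-language system.

```powershell
# Added example: collect every counter in the Memory set and summarize the samples.
$interval = 2    # seconds between samples (assumption)
$count    = 5    # number of samples (assumption)

# The counter set lists the same counters that Add Counters shows under Memory.
$set = Get-Counter -ListSet 'Memory'
"Sampling $($set.Paths.Count) Memory counters, $count samples at $interval s intervals..."

$samples = Get-Counter -Counter $set.Paths -SampleInterval $interval -MaxSamples $count

# Each sample set holds one CounterSample per counter; group by path to get
# the series behind each line that Performance Monitor would draw.
$samples.CounterSamples |
    Group-Object Path |
    ForEach-Object {
        $stats = $_.Group | Measure-Object CookedValue -Minimum -Average -Maximum
        [pscustomobject]@{
            Counter = ($_.Name -split '\\')[-1]      # strip \\machine\memory\ prefix
            Min     = [math]::Round($stats.Minimum, 2)
            Avg     = [math]::Round($stats.Average, 2)
            Max     = [math]::Round($stats.Maximum, 2)
        }
    } |
    Sort-Object Counter |
    Format-Table -AutoSize
```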
Summary
In this exercise, you used a Virtual Machine from the lab environment, ADDSVM1, to execute several monitoring tasks, by walking through several different server monitoring tools available in Windows Server 2016.