How do you setup Server 2008 for PAL analysis or to use built in Data Collector Set Reports?

Mar 29, 2012 at 5:29 PM

For years I have been using the following batch file to setup what I call the Black Box (flight recorder) on Server 2003. It setup round robin Perfmon log, containing one minute snapshots of counters fed to it by dropping a particular counter file on it. Then any time an event occurred, I am able to take the Perfmon log (usually containing many days worth of history) and process it through PAL to get it's opinion on the matter.

Now that we are moving to Server 2008, I would like to setup a similar system in 2008. Either using the 2008 Data Collector Set Reporting or PAL (or both). The problem I am having is creating the Round Robin log of counter snapshots, every minute. I would love for them to contain at least a days worth of data and be purged off at some good balance between drive space and available history.

Is anyone else doing anything like this? Is there a better way?

Any help would be greatly appreciated.



@REM SetupBlackBoxLogging.bat
ECHO Configures and starts a continuously running perfmon log that functions like an airplane's flight recorder.
ECHO The first parameter can be an alternative Counter File.
ECHO You can even drag-n-drop a counter file on to this batch file.
ECHO Resulting logs can be interpreted with PAL (Performance Analysis of Logs)

SET CounterFile=%~dp0Counters_SystemOverview.txt
IF NOT '%1' == '' SET CounterFile=%1
LOGMAN stop Blackbox -fd
NET STOP SysmonLog
MKDIR C:\BlackBox\
CACLS C:\BlackBox /E /T /G "NT AUTHORITY\NetworkService:C"
LOGMAN delete Blackbox
LOGMAN create counter BlackBox -o "C:\BlackBox\Blackbox_%computername%" -cf "%CounterFile%" --v -si 00:01:00 -f bincirc -max 250
SCHTASKS /Delete /TN BlackBox /F

ECHO @REM StartBlackBoxLogging.bat > "%SystemRoot%\StartBlackBoxLogging.bat"
ECHO PUSHD C:\BlackBox\ >> "%SystemRoot%\StartBlackBoxLogging.bat"
ECHO IF Exist Blackbox_%computername%_3.blg DEL Blackbox_%computername%_3.blg >> "%SystemRoot%\StartBlackBoxLogging.bat"
ECHO IF Exist Blackbox_%computername%_2.blg REN Blackbox_%computername%_2.blg Blackbox_%computername%_3.blg >> "%SystemRoot%\StartBlackBoxLogging.bat"
ECHO IF Exist Blackbox_%computername%.blg REN Blackbox_%computername%_1.blg Blackbox_%computername%_2.blg >> "%SystemRoot%\StartBlackBoxLogging.bat"
ECHO IF Exist Blackbox_%computername%.blg REN Blackbox_%computername%.blg Blackbox_%computername%_1.blg >> "%SystemRoot%\StartBlackBoxLogging.bat"
ECHO LOGMAN start Blackbox >> "%SystemRoot%\StartBlackBoxLogging.bat"
ECHO POPD >> "%SystemRoot%\StartBlackBoxLogging.bat"

SCHTASKS /Create /TN BlackBox /TR "%SystemRoot%\StartBlackBoxLogging.bat" /SC ONSTART /RU SYSTEM
SCHTASKS /Run /TN BlackBox

Apr 10, 2012 at 3:51 AM

The binary circular log file syntax for Logman.exe is the same in both Windows Server 2003 and in Windows Server 2008 R2 (WS08R2). The part that I've had problems with is that the Data Collectors on WS08R2 don't automatically start after the creation of it. Try adding a "Logman start BlackBox" just after the create command.

May 21, 2012 at 10:27 PM

In that third block of code, you will see I am building a batch file on the server; that first rolls the circular log file to prevent it from being overwritten (I see there is now -a parameter for appending in 2008) following a reboot, then it does the Logman Start. I then create a scheduled task using an OnStart trigger to run that batch file. Then, rather than waiting for the next reboot, I start the scheduled task.

The setup batch file runs beautifully on 2008 and I see the log file growing by the minute.  However, when I attempt to use the created log file as a data source I receive the following error:

Data source C:\BlackBox\Blackbox_ServerName.blg is either invalid or cannot be found.  System message: Unable to read counter information and data from input binary log files.

May 22, 2012 at 1:41 AM

Seems to work when I set the format to a normal binary file ( -f bin ) and wait for the file to grow to a certain size, but not when it is a bincirc and csv.

May 24, 2012 at 9:32 PM

I believe is this a known issue with Logman.exe due to the format. In any case, never use text logging (*.csv or *.tsv) for counter logs. Text based counter logs are not able to expand the schema to record new counter instances that come and go such as counter instances of the Process object. For example, if you recorded in CSV and recorded the counter \Process(*)\*, then only the processes that existed when the counter log was started will be in the log. All processes that come and go after the log started will not be in the counter log. When you use binary (*.blg), then all of the counter instances that come and go will be recorded. Always use binary (*.blg) logging!