Monitoring Server Core from the command line
A server running a Server Core installation of Windows Server 2008 can be flaky from time to time. Monitoring it gives clues about this behavior and insight into why it occurs. I've taken a closer look at monitoring Server Core boxes from the command line and want to share my experiences with you on this matter today.
The Task Manager is a perfect utility to monitor your Server Core in a way that has been familiar since Windows 95. You can start it in any of three ways:
- Press the Ctrl, Alt and Del keys at the same time and select Start Task Manager from the list.
- Press the Ctrl, Alt and Esc keys at the same time
- Type taskmgr.exe on the command prompt
It can be used to monitor:
- Running applications and tasks
- Performance (CPU and RAM usage)
- Logged on users
The Task Manager is perfect, but unfortunately it falls short on a couple of points:
- It has no logging
- It doesn't include disk space monitoring
On full installations of Windows Server, this is where the Performance Monitor comes in.
The graphical version of the Performance Monitor is not part of Server Core. Fortunately there is a command line driven version available, which can be used to monitor your Server Core box from the command line. It's called logman.exe.
Even though logman.exe is a command line tool, it's a really impressive monitoring tool, since it can create counter, trace, alert, configuration and API tracing data collectors. It supports many functions of Performance Monitor from the command line. The two great things logman.exe lacks are the ability to draw graphs and to point-and-click your queries together.
To select a counter to monitor using logman.exe you need to know the name of the counter to add. logman.exe however doesn't provide this functionality. Fortunately typeperf.exe does.
To find a performance counter to monitor, type the following command:
typeperf.exe /q
This will display a list of (installed) counters without instances. To list the performance counters with their instances, type:
typeperf.exe /qx
The list of performance counters is extensive, but using the find command on the output might help narrowing down what you're looking for. For instance, when you're looking for performance counters related to disk, type the following command to display disk-related performance counters:
typeperf.exe -q | find "Disk"
Narrowing down my search criteria, by executing find commands consecutively on the -qx option for typeperf.exe, I finally found the disk-related performance counter instance I was after (\PhysicalDisk(0 C:)\Disk Transfers/sec) using the following command:
typeperf.exe -qx | find "PhysicalDisk" | find "Disk Transfers/sec"
Building the data collector
Now that I have found the performance counter I was after, I can build the data collector.
My intention is to have a csv file with transfers/sec for the last few days, collected every 5 seconds. Your needs may vary, but the process to build your data collector would be identical.
logman.exe create counter DiskTransfers -f csv -c "\PhysicalDisk(0 C:)\Disk Transfers/sec" -max 10 -si 5
- DiskTransfers is the name of the data collector within logman.exe
- -f csv specifies the file format of the log for the data collector
- -c specifies the performance counter to collect
- -max 10 specifies the maximum file size of the log file in MB
- -si 5 specifies the sample interval in HH:mm:ss format (here, 5 seconds)
Viewing the data collector
Now that we have created the data collector, we can view it. When you start logman.exe without any command line switches, it will output the defined data collectors and their state. As you'll find out, freshly created data collectors are not started automatically.
The properties for a data collector (besides whether it is actually doing anything) can be viewed using the query command line switch. To view the properties of my freshly created data collector (the first on my Server Core box) I used the following command:
logman.exe query DiskTransfers
Starting the data collector
What use is a data collector when it's sitting idle on your box? Let's start it up, so it starts collecting the stuff it is supposed to be collecting by using the following command:
logman.exe start DiskTransfers
Modifying the data collector (if need arises)
After you've created a data collector you can edit its properties by using the update command line switch. Deleting can be done using the delete switch. Both commands use the name of the data collector within logman.exe as their starting point for modification.
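The typeperf.exe lookup and the create, start, query and delete steps above, combined into one cmd.exe script. This is an added example, not part of the original post: the sub-command names and the stop step are assumptions, and it assumes logman.exe returns a non-zero exit code when a command fails.

```batch
@echo off
rem Added example, not from the original post. Manages the DiskTransfers
rem collector; the sub-commands (setup, status, stop, remove) are assumptions.
setlocal
set "NAME=DiskTransfers"
set "COUNTER=\PhysicalDisk(0 C:)\Disk Transfers/sec"

if /i "%~1"=="setup"  goto setup
if /i "%~1"=="status" goto status
if /i "%~1"=="stop"   goto stop
if /i "%~1"=="remove" goto remove
echo Usage: %~nx0 setup, status, stop or remove
exit /b 2

:setup
rem Fail early when the counter instance does not exist on this box.
typeperf.exe -qx PhysicalDisk | find "%COUNTER%" >nul
if errorlevel 1 goto nocounter
rem Create the collector only when logman.exe does not know it yet.
logman.exe query "%NAME%" >nul 2>&1
if errorlevel 1 logman.exe create counter "%NAME%" -f csv -c "%COUNTER%" -max 10 -si 5
if errorlevel 1 goto failed
rem New collectors are not started automatically, so start it explicitly.
logman.exe start "%NAME%"
if errorlevel 1 goto failed

:status
logman.exe query "%NAME%"
exit /b %errorlevel%

:stop
logman.exe stop "%NAME%"
exit /b %errorlevel%

:remove
rem Stop first so the log file is closed before the definition is deleted.
logman.exe stop "%NAME%" >nul 2>&1
logman.exe delete "%NAME%"
exit /b %errorlevel%

:nocounter
echo Counter "%COUNTER%" was not found; check the typeperf.exe -qx output.
exit /b 1

:failed
echo logman.exe reported an error for collector "%NAME%" (already running?).
exit /b 1
```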
Using collected data
While working in black prompt windows might be enough to baffle your co-workers, it won't impress your boss much. What will really impress him (or her) is showing you're on top of things by staring endlessly at nifty Excel graphs you created within seconds.
In my case I pulled the DiskTransfer_000001.csv file from the C:\Perflogs\Admin folder of my Server Core box and worked some Microsoft Office Excel magic on it.
Other tools and products
Disk usage (du.exe)
One of the many useful free Windows SysInternals tools is Disk usage (du.exe), which is currently at version 1.3.1. This tool is capable of reporting disk space usage for the directory you specify. By default it recurses directories to show the total size of a directory and its subdirectories.
Using du.exe is as simple as downloading the zip file and unzipping it to a location where your Server Core box can reach it. There are several ways to accomplish this. After you've copied it to the hard disk of your Server Core box you can use it in the following manner:
du.exe [[-v] [-l <levels>] | [-n]] [-q] FileOrDirectoryPath
- -l specifies the subdirectory depth of information
- -n tells du.exe not to recurse folders (only information on current folder)
- -q specifies not to print the banner
- -v specifies to show information in intermediate directories
du.exe -v -q C:\Perflogs
The first time you run the utility you need to agree with the End User License Agreement (EULA) before you can use this tool.
While this command will output its information to the prompt it can be told to output to a file. Scheduling the command then might prove useful to monitor disk usage and act proactively on disk usage trends.
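One way to write the du.exe output to a file and schedule it, as an added example that is not part of the original post. The paths C:\Tools\du.exe and C:\Tools\du-history.log, the task name and the 06:00 start time are assumptions; the script is assumed to live in a path without spaces.

```batch
@echo off
rem Added example, not from the original post. Appends one dated du.exe
rem report per run to a history file; "install" registers a daily task.
rem Assumed paths: C:\Tools\du.exe and C:\Tools\du-history.log
setlocal
set "DU=C:\Tools\du.exe"
set "TARGET=C:\Perflogs"
set "LOG=C:\Tools\du-history.log"

if /i "%~1"=="install" goto install

if not exist "%DU%" goto nodu
rem A dated marker line lets you line up the reports when charting trends.
echo ==== %DATE% %TIME% %TARGET%>> "%LOG%"
rem -q suppresses the banner; by default du.exe recurses, so the totals
rem include C:\Perflogs\Admin where the logman.exe csv files are written.
"%DU%" -q "%TARGET%" >> "%LOG%" 2>&1
exit /b %errorlevel%

:install
rem Without /ru the task is registered for the account running this script.
rem That account must already have accepted the du.exe EULA interactively,
rem otherwise the scheduled run waits on the EULA prompt.
schtasks.exe /create /tn "DiskUsageLog" /tr "%~f0" /sc daily /st 06:00
exit /b %errorlevel%

:nodu
echo du.exe was not found at "%DU%"; adjust the DU variable.
exit /b 1
```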
The built-in Task Manager has evolved over the past years. It now includes networking information for instance. Process Explorer is a free Windows SysInternals tool that offers even more realtime monitoring functionality. It can be used to search for thread handles and running DLLs and can explore individual processes: You can see events, files, devices, and registry keys being accessed.
If Process Explorer is one of your favorite tools you can trade in your Task Manager for Process Explorer in the following manner:
- Download Process Explorer (1.6 MB) (currently at version 11.13)
- Unpack the zip file and get the executable onto your Server Core box.
- Open Process Explorer by typing procexp.exe
- Click the button 'Agree' when presented with the End User License Agreement (EULA)
- In the Process Explorer window open the Options menu
- Select Replace Task Manager.
You can now start procexp.exe the same way you would start taskmgr as described at the beginning of this post.
The Task Manager (taskmgr.exe) and the Performance Monitor are perfect tools to monitor a Windows installation locally, but unfortunately the latter is not part of Server Core. You can find another tool on your Server Core hard disk that's useful for monitoring though: logman.exe.