Universal Logging System

Use win_watch to gather a number of state and performance values from the WMI and the .NET interface of the W*ndows operating system of the current computer and generates a file with the results using the ULS Value File Format.

The performance values are taken as snapshots of the System.Diagnostics.PerformanceCounter and each is saved to a file for differential calculations at the next run of the script. (if applicable, depends on the counter type).

All services are tracked and stopped services defined as “auto” may automatically be restarted. Services may be excluded. But you may expect a [much] longer runtime of the win_watch script, if services need to be restarted. See also Performance Counter.

The configuration file allows customizing of execution parameters. See also the annotations in the delivered win_watch.conf. Description in order of appearance:

win_watch.conf

#
# win_watch.conf - configuration file for win_watch.ps1
#

# -------------------------------------------------------------------
#   Name of the ULS teststep where the script runtime information is found 

IDENTIFIER = _win_watch
  
# -------------------------------------------------------------------
# Where to place log files and files with intermediate results 

WORK_DIRECTORY = C:\TEMP\WIN_TOOLS


# -------------------------------------------------------------------
# Name and port of the ULS-Server 

ULS_SERVER = 10.1.2.3:11976
  
# -------------------------------------------------------------------
# Directory, where to write the ULS value file 

ULS_DIRECTORY = C:\TEMP\ULS

# -------------------------------------------------------------------
# Enter the complete path to the send2uls.exe executable.
# If not set, nothing is transferred to ULS.
# The files are always placed in the ULS_DIRECTORY.

# SEND2ULS = C:\ADMIN\WIN_TOOLS\send2uls.exe
# for HTTPS connections use:
SEND2ULS = C:\ADMIN\WIN_TOOLS\send2uls.exe -S


# -------------------------------------------------------------------
# The name of the server to be used in ULS 
# You only need to set this, if you have a cluster and 
# you want to use a clustername instead of the real
# computername, which is the default.

# ULS_HOSTNAME = 
# ULS_HOSTNAME = WVXP3073B

# -------------------------------------------------------------------
# Section to be used in the ULS 

ULS_SECTION = Windows


# -------------------------------------------------------------------
# OPTIONS
#
# -----
# OPTION_NETWORK_DRIVES = yes
# Attached disk shares will be checked for size and usage.
# Local disks are always checked.

NETWORK_DRIVES = yes

# -----
# Set SERVICES=yes if you do want information or actions
# concerning services. The default is NO.

SERVICES = yes

# -----
# Restart the automatic services if they do not run.
# no (default) / yes

AUTO_SERVICES_RESTART = yes

# -----
# If AUTO_SERVICES_RESTART=yes is specified, you may exclude the list of 
# services (internal names!!! Dienstname) from being restarted. 
# Use the property / Eigenschaften to find the internal name of a service.
#
# Some services do have a start mode auto but terminate after some time/actions.
#
# Use show_services.ps1 to generate a list of all available services
# on the destination computer.
#
# You may use wildcards in the <serviceX>, the comparison in the script
# is done by using "-like".
#
# NEVER_RESTART_SERVICES = <service1>, <service2>, <se*ice5>...

NEVER_RESTART_SERVICES = Browser,clr_optimization*

# -----
# There will always be data sent to the ULS if a service is restarted. 
# Set this option to "yes", if you want to send all information about 
# all services to the ULS.

SERVICE_INFOS_TO_ULS = yes


# -------------------------------------------------------------------
# Performance Measurements
#
#  Specify the categories, performance counters and, if applicable, 
#  the instance filters for the performance measurements. Run the 
#  script perf_counter_categories.ps1 to generate an html file with all
#  available performance categories and counters on the destination computer.

# Currently supported counter types:
#    CountPerTimeInterval*
#    NumberOfItems*
#    RateOfCountsPerSecond*
#    Timer100Ns
#    Timer100NsInverse

# PERFxxx = <category> | <counter 1> [ , <counter 2>, <counter 3>, ...]  [ | <instance_filter> ]
# The <instance_filter> is applied thru a "if $instance -like <instance_filter>" comparison.
#

PERF010 = Processor | % Idle Time, % Processor Time, % User Time, % Privileged Time, Interrupts/sec | _Total

PERF020 = Network Interface | Bytes Received/sec, Bytes Sent/sec

PERF030 = Server | Files Open, Server Sessions, Errors System, Errors Access Permissions

PERF040 = LogicalDisk | Current Disk Queue Length, Disk Read Bytes/sec, Disk Write Bytes/sec

# PERF042 = ...
# PERF222 = ...

# -------------------------------------------------------------------
# Formatting of teststep for ULS

# Set up the format of the service teststeps in ULS
# "__name__ (__displayname__)" is the default. 
# __name__        := the internal name of the service
# __displayname__ := the name of the service as shown in the service
#                    list to the user in the W*ndows' gui (localized).

SERVICE_ULS_TESTSTEP_FORMAT = __name__ (__displayname__)


# -------------------------------------------------------------------
# APACHE
#
# Monitor Apache Mod-Status and grep statistics like:
# Total Accesses, Total kBytes, Uptime, ReqPerSec, BytesPerSec,
# BytesPerReq, BusyWorkers, IdleWorkers
#
# Set APACHExx = <section> | http://<HOSTNAME>:<PORT>/<PAGE>
# e.g.
# APACHE09 = Apache [PROJECT] | http://localhost:80/server-status?auto
#
# Define as much as you like.

# Set to "yes" if used
# APACHE_MOD-STATUS = yes

# APACHE01 = Apache [VHOST1]|http://localhost:81/server-status?auto

Specify more if you like , see Performance Counter Categories to find out how to get information about all performance counter categories on the current computer.

Check also the delivered win_watch.conf for more information.

You can start the “win_watch” manually as any user (although you may need some privileges to access all operating system objects):

win_watch.bat

C:\> cd C:\ADMIN\WIN_TOOLS\
C:\ADMIN\WIN_TOOLS> win_watch.bat

The log and work value files are placed in directory which is defined as WORKING_DIR in the win_watch.conf, the default is “C:\TEMP\WIN_TOOLS”.

Use Scheduled Tasks and activate the script “C:\ADMIN\WIN_TOOLS\win_watch.bat” (or whatever other name or path you have chosen). Have it executed e.g. every 10 mins.

When was the last reboot of the computer and how many hours is that ago.

The usage of all disks on that computer, probably also the usage of attached storage disks. Different disk drives are identified by its drive letter (like C:).

The eventlog is covered in win_eventlog.

General information about the computer, its cpu, manufacturer and operating system. Note: this currently does probably not work on virtual box guests (Ticket #6361 - Win32_BaseBoard WMI Class Not Available, see https://www.virtualbox.org/ticket/6361).

Usage of all page files like e.g. “C;/pagefile.sys”. Note the ';' instead of a ':', that is because ULS uses the ':' as hierarchy separator in teststeps.

A number of performance counters are already defined in 'win_watch.conf'. You can define additional performance counters, see also Performance Counter Categories.

In the description below, you will find abbreviated descriptions of the official W*ndows counter descriptions.

Performance metrics about logical partitions of hard or fixed disk drives. Different disk drives are identified by its drive letter (like C:).

Performance metrics about the rates at which bytes and packets are sent and received over a TCP/IP network connection of a network interface. Several network interfaces are possible.

Processor activity of each cpu or core and in total (_Total).

Some Performance metrics concerning the communication between the local computer and the network.

Information about the physical memory of the computer.

The state of all services for all services, e.g. Alerter. Stopped services with start mode “auto” may be restarted automatically. Exceptions may be defined.

That is the space on the hard disk of the computer (paging file(s)) where data from RAM is moved to if physical memory gets low.

Meta information to the execution of the monitoring script. Note that the name may differ because it is configurable in the 'win_watch.conf'.

I am not quite sure about the calculations of some counter category types, mainly the exotic ones. So, if anyone finds a bug or a resource of information about the counter categories which are not covered, please let me know.