The Performance Logs And Alerts Snap-In
The Performance Logs And Alerts snap-in provides you with the ability to create counter logs, trace logs, and system alerts automatically from local or remote computers.
Counter Logs
Counter logs record sampled data about hardware resources and system services based on performance objects and counters in the same manner as System Monitor. Counter logs collect performance counter data in a comma-separated or tab-separated format for easy import to spreadsheet or database programs. You can view logged counter data using System Monitor or export the data to a file for analysis and report generation.
Trace Logs
Trace logs collect event traces that measure performance statistics associated with events such as disk and file I/O, page faults, and thread activity. Event tracing measures activity as it happens, eliminating the inaccuracies of MCTS sampling. When the event occurs, either the default system data provider (the Windows kernel trace provider) or a nonsystem data provider designed to track these events sends the data to the Performance Logs And Alerts service. The data is measured from start to finish, rather than sampled in the manner of System Monitor. This differs from the operation of counter logs; when counter logs are in use, the service obtains data from the system when the update interval has elapsed, rather than waiting for a specific event. Because running trace logs of page faults and file I/O data incurs some performance overhead, you should log this data only for brief periods.
Most new hard disk controllers support simultaneous file I/O to multiple hard disks. If you have multiple physical hard disks available on an Active Directory domain contoller, you should place the Active Directory database on a separate physical hard disk than the operating system files. Doing so improves the performance of Active Directory. Further, separating the Active Directory log files from the Active Directory database increases performance. You can do this with Ntdsutil, as you’ll see in the Troubleshooting Lab in this chapter.
Active Directory nonsystem data providers include those for Net Logon, Kerberos, and SAM. These providers generate trace log files containing messages that can be used to track the mcse training operations performed.