Setting a local perfmon in a Windows client or Windows Server.


Applies to:
Windows Server 2012 R2
Windows 8.1
Windows Server 2012
Windows 8
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista

First published: May 16, 2015

 

From your 64-bit Windows Vista/Server 2008/7/Server 2008 R2/8/Server 2012/8.1/Server 2012 R2:

Step 1.  Make sure that you have the latest hotfixes that are Perfmon related installed.

TIP:  Include these hotfixes in your base image.

 

Step 2.  Make sure that WMI is working properly

 

Step 3.  Setup the two perfmon’s, one short interval and the other one, long interval.

Long-interval:
==========
Start, CMD (Run as admin)
logman.exe create counter %ComputerName%_long_interval -f bincirc -v mmddhhmm -max 350 -c "\Cache\*" "\IPv4\*" "\LogicalDisk(*)\*" "\Memory\*" "\Netlogon\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\Per Processor Network Activity Cycles(*)\*" "\Per Processor Network Interface Card Activity(*)\*" "\Processor(*)\*" "\Processor Information(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Physical Network Interface Card Activity(*)\*" "\Redirector\*" "\SMB Client Shares\*" "\SMB Server Shares(*)\*" "\SMB Server Sessions\*" "\Server\*" "\Server Work Queues(*)\*" "\System\*" "\VM Memory(*)\*" "\VM Processor(*)\*" "\TCPv4\*" -si 00:05:00

Note:  I personally like to capture all the counters and instances.  The reason is, I cannot tell you how many times, where I was looking at a perfmon, that I went, ok, the bread crumbs lead this way, let me look at that counter, just to find out, it wasn’t collected.  And then having to wait for the problem to reoccur.

Note 2:  You could change the interval for the long from to -si 00:05:00 to anything depending on how long you want to capture.  For more info on the sample interval that you need to choose, check out:  How often should Perfmon Sample?

logman.exe start %ComputerName%_long_interval
< reproduce the issue>
logman.exe stop %ComputerName%_long_interval

Short-interval:
==========
logman.exe create counter %ComputerName%_short_interval -f bincirc -v mmddhhmm -max 350 -c "\Cache\*" "\IPv4\*" "\LogicalDisk(*)\*" "\Memory\*" "\Netlogon\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\Per Processor Network Activity Cycles(*)\*" "\Per Processor Network Interface Card Activity(*)\*" "\Processor(*)\*" "\Processor Information(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Physical Network Interface Card Activity(*)\*" "\Redirector\*" "\SMB Client Shares\*" "\SMB Server Shares(*)\*" "\SMB Server Sessions\*" "\Server\*" "\Server Work Queues(*)\*" "\System\*" "\VM Memory(*)\*" "\VM Processor(*)\*" "\TCPv4\*" -si 00:00:05

logman.exe start %ComputerName%_short_interval
< reproduce the issue>
logman.exe stop %ComputerName%_short_interval

 

More information:

============

An alternative method, when you want to enable ‘local perfmon’s’ from a ‘remote machine’:

Setting a remote perfmon Windows Server 2012 style…

 

*  If you use my colleague Clint Huffman’s Performance Analysis of Logs (PAL), the “base” performance is named “System Overview”.

 

How to setup an in-flight recorder:

Comments (2)

  1. Anonymous says:

    Applies to: Windows Server 2012 R2 Windows 8.1 Windows Server 2012 Windows 8 Windows Server 2008 R2 Windows

  2. Anonymous says:

    Hi all, There are at least three (3) methods of enabling a perfmon log using logman.   Method Description

Skip to main content