Two Minute Drill: LOGMAN.EXE

Two Minute Drill: LOGMAN.EXE

  • Comments 20
  • Likes

Today we are continuing on with our Two Minute Drill series.  Our topic in this post is one that we discuss quite frequently with customers - namely the automation of creating Performance Monitor and Trace Logs.  Most administrators are comfortable creating Local and Remote Performance Monitor logs using the Performance Monitor MMC and the GUI tools.  However, there are some extremely powerful command line utilities that can be used to configure and capture Performance data.  Today we will be discussing the LOGMAN.ExE utility.  So without further ado ...

The LOGMAN.EXE utility can be used to create and manage Event Trace Session and Performance logs.  Many functions of Performance Monitor are supported and can be invoked using this command line utility.  Before we look at some examples of how to configure Performance logs using this utility, let's quickly cover some of the syntax.  Running LOGMAN /? from a command prompt brings up the first level of context sensitive help:

Basic Usage:  LOGMAN [create | query | start | stop | delete | update | import | export] [options].  The verbs specified determine what actions are being performed:

Verb Name Description
CREATE Create a new data collector
QUERY Query data collector properties. All data collectors are listed if no specific name is provided
START Start an existing data collector
STOP Stop and existing data collector
DELETE Delete an existing data collector
UPDATE Update the properties of an existing data collector
IMPORT Import a data collector set from an XML file
EXPORT Export a data collector set to an XML file

Running LOGMAN <verb> /? brings up context sensitive help for the verb specified.  There are also some options to be aware of:

Option Description
-? Display context sensitive help
-s <computer> Perform the command on the specified remote system
-ets Send the command directly to an Event Tracing Session without saving or scheduling

So now that we have our basic commands, let's take a look at how we can use LOGMAN.EXE for one of our most common scenarios - capturing baseline Performance data for a system.  We've discussed the importance of capturing baseline server performance data in several previous posts.  In our example, we are going to capture a binary circular performance monitor log that has a maximum size of 500MB.  The reason we are going to use a binary circular log is that we can record the data continuously to the same log file, overwriting previous records with new data once the log file reaches its maximum size.  Since this will be a baseline performance log that will be constantly running, we want to ensure that we can capture a significant data sample, and not have the log file being overwritten in such a short timeframe that useful data is lost.  Put another way, we want to set our capture interval up so that we do not overwrite our data too quickly.  For the purposes of this example, we'll set up our log to capture data every two hours.  We want to save our data to a log file, so we will need to specify a log file location.  Given that we want to capture baseline data, there is a good possibility that we want to use the same settings on multiple servers so we'll need to ensure that we can repeat this process with a minimum of administrative fuss ...

So, to recap, we are going to capture our baseline performance log that is:

  • a binary circular log that will be a maximum of 500MB in size
  • configured with a capture interval of two hours
  • saved to a file location
  • configured with standard counters so that we can capture consistent baseline data across multiple servers if needed

The one piece of this equation that we have not specified is which counters we need to capture.  One of the key reasons to use LOGMAN.EXE is that we can specify which counters we want to capture in a standard configuration file and then use that configuration across to configure our capture for multiple servers.  Creating the configuration file is fairly simple - we are going to create a .CONFIG file that enumerates the counters that we want to capture, one per line.  An example is shown below:

"\Memory\Available MBytes"
"\Memory\Pool Nonpaged Bytes"
"\Memory\Pool Paged Bytes"
"\PhysicalDisk(*)\Current Disk Queue Length"
"\PhysicalDisk(*)\Disk Reads/sec"
"\PhysicalDisk(*)\Disk Read Bytes/sec"
"\PhysicalDisk(*)\Disk Writes/sec"
"\PhysicalDisk(*)\Disk Write Bytes/sec"
"\Process(*)\% Processor Time"
"\Process(*)\Private Bytes"
"\Process(*)\Virtual Bytes"

These are some fairly standard Performance Counters.  Let's save this file as Baseline.config on a folder on one of our file servers.  Now we have all of the pieces that we need to configure and capture our baseline.

logman create counter BASELINE -f bincirc -max 500 -si 2 --v -o "e:\perflogs\SERVERBASELINE" –cf "\\<FILESERVER>\Baseline\Baseline.config"

Let's quickly examine the different elements of this command:
  • logman create counter BASELINE: This creates the BASELINE Data Collector on the local machine
  • -f bincirc -max 500 -si 2: This piece of the command specifies that we are creating a Binary Circular file, sets the Maximum Log file size to 500MB, sets the Capture Interval at 2 seconds
  • --v -o "e:\perflogs\SERVERBASELINE": In this part of the command, we turn off the versioning information, and set the Output Location and Filename.  The Performance Monitor log will be created with a .BLG extension
  • –cf \\<FILESERVER>\Baseline\Baseline.config: Finally, we point the LOGMAN utility to the location of our standard counter configuration file

Once we run this command, we can run LOGMAN.EXE and use the QUERY verb to ensure that our Data Collector has been created:

The last thing we need to do is start our Data Collector set.  There are a couple of options here - the first is to run LOGMAN.EXE START BASELINE from the command line.  This will launch the Data Collector.  However, when we reboot our system, the Data Collector will not run.  If you create a startup script to run the command above to start the Data Collector set, then you can capture your performance data from the time that the server starts.

Before we wrap up our post, here is another common scenario.  You can create a Data Collector set on a full installation of Windows Server 2008 or Windows Vista.  Then export that Data Collector Set configuration to an XML Template.  You can then use the LOGMAN.EXE command with the IMPORT verb to import that Data Collector set configuration on a Windows Server 2008 Server Core system, then use the LOGMAN.EXE command with the START verb to start the Data Collector Set.  The commands are below:

  • LOGMAN IMPORT -n <Data Collector Set Name> -xml <XML template that you exported>:  This will create the Data Collector Set named whatever name you choose when passing the -n parameter
  • LOGMAN START <Data Collector Set Name>: Start the Data Collection process.

Finally, here are two more sample commands where we use LOGMAN.EXE for gathering Performance Monitor data for troubleshooting:

High CPU Issue

logman.exe create counter High-CPU-Perf-Log -f bincirc -v mmddhhmm -max 250 -c "\LogicalDisk(*)\*" "\Memory\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Redirector\*" "\Server\*" "\System\*" "\Thread(*)\*"   -si 00:00:05

In this example, we have a capture interval of five seconds, with a Maximum Log size of 250MB.  The Performance Counters that we are capturing are fairly generic.

Generic Performance Monitor Logging

logman.exe create counter Perf-Counter-Log -f bincirc -v mmddhhmm -max 250 -c "\LogicalDisk(*)\*" "\Memory\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Redirector\*" "\Server\*" "\System\*"  -si 00:05:00

In this example, we are using a five minute capture interval - the rest of the parameters are fairly straightforward.  Remember that in both of these cases, you will need to use LOGMAN.EXE with the START verb and specifying the name of the Data Collector Set to begin the capture.  These samples work on all Windows Operating Systems from Windows XP onwards.

And with that, we come to the end of this Two Minute drill.  Until next time ...

- CC Hameed

Share this post :
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Hi,

    I'm reading this artical and it seems to say that the IMPORT/EXPORT options are supported in WinXP. I've tried that on my WinXP but it doesn't seem to recognize these verbs.

    Is there any specific component/version/SP/etc that I need to have in order to have that work?

    If you could answer to my email at tnguyen@ixiacom.com, I will greatly appriciate that.

    Thanks,

    Trang.

  • I created a performance counter log that queries some logical drive data from many systems, and I use logman to control when I'd like to collect the data.  I initially had 42 systems I collected data from. But recently I increased the number of the systems to 96, and I started to get the following error:

    C:\>logman start "DB Drive Space Monitor"

    Error:

    Collection "DB Drive Space Monitor" did not start, check the application event log for any errors.

    C:\>

    The counter log actually started OK, and the data collection went OK as well, with no error in the event log.  But why am I getting this error?  How can I stop it? It appears to be a scalability issue of the tool.

    Please assist.  Thanks.

    Ed

  • I am trying to limit the logs generated to some specific services only. i am using this line

    \Process(*my_service_name*)\ID Process but its generating the same logs with all the service names mentioned. any suggestions. Thanks a million

  • Great Article BTW!  I am having issues with the import not taking in the user account specified in the xml file, any thoughts?  It is currently defaulting to use a system account.  Thanks again...

  • We have a number of counters set up from one server to a series of other servers.  In order to ensure access across the domain to these servers, the counters have been set up with login credentials.  We have tried to schedule a script to run each morning and update the counters so that we can run them across a week without manually changing the counter schedule for each.  However, the script only works if the counters are run as <Default> otherwise it is looking for the login credentials.  Is there any way of supplying a login and password as part of the logman command line?

  • There is a slight mistake in the samples above.  He uses "-si 2" and states that it "sets the Capture Interval at 2 hours"; this is incorrect - it sets the interval to 2 SECONDS.

    If you look at the context help, it shows the si option as taking the following: -si <[[hh:]mm:]ss>

    Note that if just the number 2 is given, it is 2 seconds, not 2 hours.  Adding a second number (i.e. 02:00) means 2 minutes.  If you want 2 hours like in the sample, you need to specify 02:00:00

  • @ SteveDJ - thanks for pointing this out.  I've corrected the error!

    - CC

  • Hello,

    I've got a nightly batch file in place to stop my counters, zip them, move them, and then start them again.  The start command looks like this:

    logman -s P1CAS12 start "P1EXB01 - Exchange SP1" -v -cnf 4:00:00

    The command starts the counter fine, but the -cnf switch seems to be ignored.  -cnf = create new file, and it's set for 4 hours, but it doesn't work.  The counter runs all day until the nightly batch file stops it for the maintenance process.

    The problem is that this leaves me with a single 400MB log file, which is a nightmare to parse when troubleshooting.  We really need the switch to work and create a new file every 4 hours.

    The process works fine if I use the PERFMON GUI to start my counters using the Schedule tab and define the 4 hour interval.  But this needs to be automated.

    Any ideas why the -cnf switch isn't working right?

    Thanks!

  • Hi, What is the use of -r option? Can someone explain it with an example?

  • I've made a batch script, where during installation of the server (Windows 2003 or 2008) a counter log is created.

    On Windows 2008 it creates perfectly, but doesn't start even if the schedule is set ... so I've so start it manually.

    On Windows 2003 it creates perfectly and starts if the log file type ISEN'T binary circular file. If it's one of the other types it starts, but runs only for about 5 mins. even if I had set a max log on 100 MB and overwrite the file .....

    Any good ideas?????

    Hope so ... :o) Cheers ....

  • Can anyone give me a hint as Why my logman Import and export command is not working?

    The comand is as :

    C:\Windows\system32>logman import daily_perf_log  -xml "C:\PerfLogs\daily_log.x

    l"

    Error:

    Unspecified error

    Thanks,

    MafruhaUnited

  • How do I match logman counter interval  time and create new file on each interval of collection.

    My colde is like this, but it is not showing me the result I want to have.

    "-si 00:00:15 -cnf 00:00:15" does not work togather

  • How to run multiple counter log files using single command.

  • For anyone having the problem that MafruhaUnited was reporting, it's likely that you need to save the import file as Unicode instead of ANSI.

  • I was having the same problem Ed Sun had and it was just because the remote machine from which I was collecting the performance counters was too busy.