Navigation:  Monitoring with EventSentry > System Health Monitoring > Performance Monitoring >

Alerts

Performance alerts notify you when a specified performance counter exceeds your configured threshold by logging an event to the event log. But rather than notifying you immediately when the counter exceeds the threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid unnecessary alerts.

For example, you can be notified if the % of CPU usage is exceeding 80% over a period of 8 minutes. This means that you will not be notified if the CPU time spikes at 100% for 30 seconds.

Name

A descriptive name of the counter, this can be any name that makes sense to you.

Counter

This is the name of the actual performance counter, as exposed by the Operating System. You can either

Instances: If a performance counter contains the string (*) then this counter has instances. EventSentry will monitor all instances of a counter, unless excluded (see below). EventSentry will include the instance which exceeded the threshold when logging to the event log.

Exclusions

If a performance counter has instances (e.g. Process(*)\% Processor Time) then you may exclude unneeded instances. You can specify multiple instances by separating them with a comma.

For example, the Process(*)\% Processor Time performance counter also includes the Idle instance which is always near 100% (since it shows the unused CPU time) and the _Total instance which measures that total amount of CPU time from all applications. You will probably want to exclude both of these instances when monitoring this counter by setting this field to Idle,_Total.

Divide value by # of logical processors

Checking this box will divide the value returned by the performance subsystem by the number of installed logical processors. This feature is only intended to be used with performance counters that measure processing time in percent.

For example, if a process is using more then one CPU, then the "Process(*)\%Processor Time" counter reports the total amount of CPU usage across all processors, resulting in a number > 100. Checking this box ensures that the value reported by EventSentry is relative to number of installed CPUs.

Polling Interval

The polling intervals determines how often EventSentry will retrieve the value of the selected counter from the OS. Since there is overhead associated with monitoring performance counters on a system we recommend choosing a value that is not too low and not too high. We recommend monitoring volatile counters (e.g. CPU time) every 10 seconds, and monitoring more static counters (e.g. available memory) every 30 seconds.

Enable Alert

Check this box to enable performance alerts. Alerts are always written to the event log, and you will need an event log filter to forward these events (alerts) to an actual notification, such as email.

Log to Event Log as

Specify under which severity you want this alert to be logged to the event log. Please note that EventSentry will log an event when the counter exceeds the threshold and when the counter is back below your configured threshold.

Threshold Setting

Specify your alert settings here. You can be notified if the counter value is below, exceeds, falls below, is between or is not between a threshold.

Time Interval

The configured time interval determines how long the counter value needs to exceed your threshold before an alert is written to the event log.

For example, if you set the time interval to 10 minutes, but the counter value only exceeded the threshold for 8 minutes the no alert will be written to the event log.

Embedding Charts

When checked, EventSentry creates a PNG chart from the data collected during the configured time interval (e.g. 30 minutes), and embeds it as the binary data in the event. The EventSentry agent will then attach the embedded binary data as an image to any emails that include the performance alert. As such, this feature is only useful when performance alerts are matched by at least one filter that emails events. The chart includes an automatically calculated trend line in orange.

Maximum Notification

By default (Notify at most every is unchecked) EventSentry will only log an alert if the previous state of the counter was in a non-alerted state, that is if the alert status changes. Having Notify at most every unchecked is the preferred setting for most scenarios.

Maximum Notification not set (default)

For example, if you set the time interval to 10 minutes and the performance counter exceeds the threshold for 40 minutes, then you will still only be notified once (after the initial 10 minutes have passed). If the counter however falls back below the threshold however and then jumps back up after some time, then you will be notified again.

The chart below shows this visually: EventSentry only logs one alert at 2:30, all the subsequent alerts are considered to be part of the first alert and are thus not generated. The alert is cleared at 3:50.

Maximum Notification set

If you check the Notify at most every checkbox however and set a time interval, then you will be notified every time this interval has elapsed if the performance counter continues to be in an alerted state. The alert will only stop when the performance counter is back below the threshold.

The chart below shows the same example as above with Notify at most every set to 1 hour. Since the monitored value is still in an alerted state, EventSentry will log another error at 3:30 and clear the alarm at 3:50.