Performance Counter Monitors in SAM
As described in Work with component monitors, SAM includes several "component monitor types" that use various methods to focus on elements such as services, logs, or processes. Performance Counter Monitors are component monitors that tally specific elements of applications, Windows services, SolarWinds services, logs, processes, and so on.
For example, the following templates include component monitors which are Performance Counter Monitors that count various values:
- AppInsight for Active Directory includes an LDAP Client Session component monitor that counts the number of current LDAP client sessions.
- Exchange 2016 Hub Transport Role Counters (Advanced) includes Messages Received and Messages Sent component monitors.
- Windows Print Services 2016 includes Job Errors, Jobs, and Jobs Spooling component monitors.
Note the following details that apply to most component monitors categorized as Performance Counter Monitors:
- The statistic displayed for a component monitor in the Orion Web Console is either:
- The current performance counter value, or
- The difference in query values between polling cycles, if the Count statistic as difference option is enabled.
- WinRM is the default transport method for WMI-based component monitors, but you can configure a preferred Fetching Method to collect data from target nodes.
- Starting in SAM 2020.2.6, you can reduce polling by disabling specific fallback methods for Performance Counter Monitors, either within a specific application monitor or at the template level. If the selected protocol fails, no fallback occurs.
- Performance counters are assumed to exist within the root/CIMV2 namespace.
If you create a custom Performance Counter Monitor in the Component Monitor Wizard, you'll be prompted to provide several values, as described next.
A default description of the monitor. To override the default description, add to or replace existing text. Changes are automatically saved. The variable to access this field is
Customize descriptions to specify what will be monitored so related alerts and notifications are more meaningful later.
Identifies the component type as a Performance Counter Monitor.
Determines whether the component is enabled. Disabling a component leaves it in the application in a deactivated state does not influence either SAM application availability or status.
Credential for Monitoring
Select a Windows credential that can access the target node with rights to do what the component monitor needs to do. This is typically a Windows administrator-level credential.
This option changes the statistic to be the difference in counter values between polling cycles. It only applies to monitors whose counter value increases consistently during each polling interval. Examples of when this option is not applicable include cases such as the following:
- Counter values sometimes increase and sometimes decrease from one polling interval to another (typical behavior for many counters)
- Counter values consistently decrease from one polling interval to another
If this option is not applicable, negative data values are replaced with zero (0). The counter monitor shows 0 as the statistic data value in related widgets and 0 as the value on statistic data charts for this interval.
Enter the name of the performance counter. For example:
Enter the instance name of the performance counter. For example:
If the performance counter has multiple instances, you can monitor each instance separately by creating a Performance Counter Monitor for each instance. For example, the performance counter
% Processor Time has two instances if you have a dual-CPU system:
0 for the first CPU and
1 for the second CPU. You can create a separate Performance Counter Monitor to monitor each instance of the counter.
Enter the category of the performance counter.
All performance counters are assumed to exist within the root/CIMV2 namespace. For example:
Select the "Yes, convert returned value" option to display fields where you can select a common function or enter a custom formula. The Custom Conversion option provides basic arithmetic operators (+, -, *, /), plus built-in mathematical functions for more advanced conversions. See Convert values in data transformations for SAM component monitors.
Configure the method used to gather data. For details, see Choose a fetching method for Performance Counter Monitors in SAM.
Starting in SAM 2020.2.6, you can save time and reduce polling by disabling specific fallback methods for Performance Counter Monitor, either within a specific application monitor or at the template level. If the selected protocol fails, no fallback occurs.
WinRM Authentication Mechanism
If the SAM WinRM toggle is enabled for application polling on the Orion server and target nodes, select an authentication method for the connection. The default setting is Negotiate.
- Default: Specifies the transport to use for WS-Management protocol requests and responses: HTTP or HTTPS. The default is HTTP.
- Digest: User name and password are required. The client sends a request with authentication data to an authenticating server, usually a domain controller. If the client is authenticated, then the server receives a Digest session key to authenticate subsequent requests from the client.
- Negotiate: The client sends a request to the server to determine the protocol to use for Simple and Protected Negotiation (SPNEGO) authentication, which can be either:
- Kerberos for domain accounts, or
- NTLM for local computer accounts
- Basic: User name and password are required, as sent via HTTP or HTTPS in a domain or workgroup.
- Kerberos: User name and password are required for mutual authentication between the client and server, using encrypted keys. The client account must be a domain account in the same domain as the server. When a client uses default credentials, Kerberos is the authentication method if the connection string is not one of the following: localhost, 127.0.0.1, or [::1].
- NtlmDomain: User name and password are required for NTLM authentication. The client proves its identity by sending a user name, password, and domain name.
- CredSssp: User name and password are optional. The Credential Security Support Provider (CredSSP) lets an application delegate the user credentials from the client to the target server for remote authentication. The client is authenticated over the encrypted channel by using the SPNEGO protocol with either Kerberos or NTLM.
Specify a threshold that indicates a warning or critical level was breached. Logical operators are in the drop-down field, followed by a blank field where you can enter a value for the threshold. For example:
Less than 15 for warning,
Less than 5 for critical. See Application Monitor Thresholds.
Add notes for easy reference. You can access this field by using the variable,