Windows server monitoring with Netdata

Effective Windows Server Monitoring

If you are a Windows System Administrator or developer you know how important it is to monitor your Windows Servers and make sure they’re up and running, smoothly.

And you also know that sometimes things go south and your servers go kaput leaving you in the dark as to what really went wrong.

• Was it that rogue process that ate up all the CPU cycles?
• Did your server hit a memory bottleneck and start swapping like mad?
• Or maybe there was a disk error or a network glitch that you missed?

Effective Windows server monitoring requires the following:

1. Collect key metrics: A mechanism to collect the key metrics that measure the performance, health, and activity of the server, such as CPU usage, memory consumption, disk space availability, network traffic, service status, application performance, security events or configuration changes.
2. Visualize data meaningfully: A solution that displays the collected data from the server in a clear and meaningful way. This can help visualize trends, patterns, correlations or outliers that may affect the server performance or availability. And also help compare different servers or time periods to identify any changes or issues.
3. Alert and notify: Alerting and notification mechanisms that inform system administrators of any critical or urgent situations that require their attention or action. These mechanisms can help prevent or minimize downtime, data loss, security breaches or performance degradation by sending timely and relevant alerts via email or other methods.
4. Understand the baseline: Understand the normal or expected behavior of each metric collected from the server. This can help identify any deviations or anomalies that may indicate a problem or an opportunity for improvement.

Effective Windows server monitoring can help you improve server reliability and availability by reducing crashes and outages. It also enables you to monitor resource utilization and application performance to ensure that your server is not overloaded or underutilized, and also compare different servers or time periods to identify any opportunities for improvement

How can Netdata help?

Now that you have learned about the benefits and best practices of effective Windows server monitoring, you might be wondering how to implement it in practice. This is where Netdata can help you.

Netdata is a comprehensive monitoring solution that can be used to monitor and troubleshoot various aspects of your infrastructure including servers, VMs, Network, Disks, K8s and a wide variety of applications (databases, gateways, web servers etc.) In addition to Linux, Unix based systems and MacOS, Netdata can also monitor Windows Servers.

• System level metrics: Netdata can automatically gather system level metrics related to the operating system, network, storage, processes and more.

• Packaged application metrics: Netdata can automatically gather operational and other performance metrics from packaged application running on the server, including popular applications such as SQL Server, IIS, Active Directory, .NET Framework and more.

• Ready to use dashboards: Netdata automatically organizes and correlates all the information in ready to use dashboards.

• Data retention: Netdata maintains a long history of all this data, automatically applying tiering (recent data are high-fidelity - per second - losing granularity as time passes) to keep storage costs low.

• Machine Learning: Netdata trains a machine learning model for every single metric it collects, this allows Netdata to predict the expected range of response time values in the next data collection.

Configure Netdata to monitor Windows

The recommended way to monitor Windows Servers using Netdata is through the Prometheus Windows Exporter tool, which is a native agent that runs on each host and exports metrics which Netdata then collects, stores and visualizes.

To set up Netdata to monitor one or more Windows servers follow these steps:

1. Install Windows Exporter on every Windows host you want to monitor.

• Navigate to the releases page of the Windows exporter Github repository and download the msi corresponding to the latest release (At the time of writing this, it is v0.21.0)

• Double click the installation file and install it after ignoring the statutory warning.
• The installer exits without any completion message so if you want to confirm that it worked, just visit http://localhost:9182/metrics and if everything worked it should be populated with metrics

• This is great, but how do you make sense of all that data? That’s where Netdata comes in.

2. Sign up for a free account at Netdata Cloud and copy the installation command.

3. Install Netdata agent on a Linux node.

4. Configure Netdata to collect data remotely from your Windows hosts by adding one job per host to windows.conf file. See the configuration section for details. Here’s an example:

     jobs:
       - name: win_server1
         url: http://203.0.113.10:9182/metrics
   

Virtual Nodes

Netdata’s new virtual nodes functionality allows you to define nodes in configuration files and have them be treated as regular nodes in all of the UI, dashboards, tabs, filters etc. For example, you can create a virtual node each for all your Windows machines and monitor them as discrete entities. Virtual nodes can help you simplify your infrastructure monitoring and focus on the individual node that matters.

To define your Windows Server as a virtual node you need to:

• Define virtual nodes in /etc/netdata/vnodes/vnodes.conf

  - hostname: win_server1
    guid: <value>
  

  Just remember to use a valid guid (On Linux you can use uuidgen command to generate one, On Windows just use the [guid]::NewGuid() command in PowerShell)

• Add the vnode config to the Windows monitoring job we created earlier, see the higlighted line below:

    jobs:
      - name: win_server1
        vnode: win_server1
        url: http://203.0.113.10:9182/metrics
  

That’s it! You can now enjoy real-time charts and alerts for your entire Windows infrastructure. You can also identify each Windows host as a separate node in Netdata Cloud.

Optionally:

• If you ONLY want to see Windows metrics, you can disable all plugins except for go.d in netdata.conf
• If you require high availability, please follow the instructions to set up replication. For production use-cases it is recommended to have high availability.

For more information on configuration or the metrics collected, please refer to the documentation.

If you have followed the steps so far, you should now see Windows monitoring on the Netdata UI:

Note: The only currently native way to install Netdata on Windows is to use the Netdata MSI installer which runs Netdata in a custom WSL deployment. However WSL was not designed for production environments, so we do not recommend using the installer or WSL in production.

Monitoring Windows Server metrics

Let’s dive a little deeper into some of the key metrics to monitor on your Windows Server. To do the monitoring you can use tools like Task Manager, Performance Monitor, or if you want a single pane of glass for all your monitoring needs you can just use Netdata.

Resource usage can vary depending on factors such as:

• The number and type of processes and applications running on the server
• The configuration and optimization of the server
• The workload and demand of the server
• The hardware specifications and capacity of the server

Monitoring resource usage can help you:

• Identify processes or applications that are consuming a lot of resources
• Detect potential performance issues or bottlenecks caused by high usage
• Optimize or troubleshoot processes or applications that are causing high usage
• Plan for capacity or scalability needs based on utilization trends

Here are just some of the important server metrics you should keep an eye on:

• CPU

CPU usage is a measure of how much of the CPU’s processing power is being used by the server. The CPU is responsible for executing instructions and calculations for various processes and applications running on the server. The higher the CPU usage, the more work the CPU is doing.

• Memory

Memory usage is a measure of how much of the physical memory (RAM) is being used by the server. The memory is responsible for storing data and instructions for various processes and applications running on the server. The higher the memory usage, the more data and instructions are stored in memory.

• Network

Network usage is a measure of how much of the network bandwidth is being used by the server. The network bandwidth is responsible for transmitting and receiving data between the server and other devices on the network. The higher the network usage, the more data is being transferred over the network.

Monitoring the TCP stack on a Windows server involves checking the status and performance of the network connections and protocols that enable communication between the server and other devices. TCP monitoring can help identify network issues, such as latency, packet loss, congestion, or errors.

• Processes

Monitoring processes on a Windows server involves checking the activity and resource consumption of the programs that run on the server. Process monitoring can help optimize the performance and efficiency of the server and detect any anomalies or malfunctions.

Netdata monitors all of the metrics we mentioned and a lot more, to see the full list of metrics please check out the documentation.

If you are more of a visual learner and want to try it out yourself, check out the Windows monitoring rooms on Netdata’s demo space (no login required).

Monitoring applications running on Windows

While monitoring and understanding server metrics is the foundation of effective Windows server monitoring, it is not sufficient on its own. The next step is arguably more important and that is to monitor application performance because, at the end of the day, the Windows server is a platform for running various applications that provide essential services and functions for your business.

Monitoring lets you ensure that your applications are running fast and smoothly without any delays or errors. You want to identify any bottlenecks or issues that may affect the user experience or the business outcomes. You also want to ensure that your applications are always up and running without any downtime or interruptions. You want to detect any failures or outages that may affect the service delivery or the business continuity.

Some applications that are commonly run on Windows Servers are:

• IIS: Internet Information Services (IIS) is a web server that hosts websites and web applications. It supports various protocols, languages and frameworks such as HTTP, HTTPS, FTP, ASP.NET, PHP and more.
• SQL Server: SQL Server is a relational database management system (RDBMS) that stores and retrieves data for your applications. It supports various features such as transactions, replication, backup and recovery, security and more.
• Exchange: Exchange is an email server that handles email communication and collaboration for your organization. It supports various features such as calendars, contacts, tasks, webmail and more.
• .NET Framework: .NET Framework is a software development framework that enables you to create and run applications using various languages such as C#, VB.NET, F# and more. It provides various libraries and services such as Windows Forms, WPF, ASP.NET MVC, WCF, Entity Framework and more.
• Active Directory: Active Directory is a directory service that manages users, groups, computers and other objects on your network. It supports various features such as authentication, authorization, policies, replication and more.

Netdata enables you to monitor all of these applications on Windows Server effectively, but we will not be going into their details in this article. If you want to learn more about how to monitor these applications with Netdata, please click on the links above.

Troubleshoot with Machine learning

Netdata uses unsupervised machine learning to detect anomalies across all metrics, of all nodes, out of the box. If you want to know if any of your Windows metrics or applications are (or were) behaving abnormally just enable the anomaly view on any Netdata chart OR visit the Anomalies tab to explore anomalies across your infrastructure.

Here is a quick video walkthrough of how to get started using the Anomaly Advisor. You can find more related videos on this playlist from our YouTube channel.

One of the benefits of monitoring both application metrics (such as requests response time errors etc.) and server metrics (such as CPU, memory, disk, network etc.) is that you can correlate them to get a deeper understanding of your Windows infrastructure.

For example you can see how CPU utilization affects response time, how disk throughput affects database queries, how network bandwidth affects web requests etc.

You can also see how different applications interact with each other on the same server or across different servers.

Correlating application metrics and server metrics help you identify root causes,troubleshoot problems, optimize performance and improve availability of your Windows infrastructure.

By using Netdata for Windows monitoring and troubleshooting, you can quickly identify and resolve issues and optimize your Windows application performance