We are often asked at Support questions such as, “How do we use Logentries to monitor Windows performance stats?” or “Can Logentries get alerts based on CPU utilization on Windows?” The simple answer is yes, with the help of our Logentries Agent for Windows and PowerShell we can.

Here is a 5 minute tutorial to get you monitoring your CPU, Memory and Disk Space with Logentries.

Installing the Logentries Agent

You will need an account to follow this tutorial, if you dont have an account yet, sign up now. It’s quick, easy, and free!

Scroll down to the “Installation” section here and choose the Windows tab. Next download and install the agent on your Windows server.

Setting up a PowerShell script

Create a new script called monitor.ps1 on your Windows server and add the following text.

# Current Load as a percentage
$load = (Get-WmiObject win32_processor | select -exp LoadPercentage)

# Memory Usage as a percentage
$memory = (Get-WmiObject win32_operatingsystem | Foreach {"{0:N2}" -f ((($_.TotalVisibleMemorySize - $_.FreePhysicalMemory)*100)/ $_.TotalVisibleMemorySize)})

# Free Disk as a percentage
$disk = (Get-WmiObject Win32_Volume -Filter "DriveLetter = 'C:'" | Foreach {"{0:N2}" -f (($_.FreeSpace / $_.Capacity)*100)})

$d = "load=$load | memory=$memory | disk=$disk"

$file = "C:\Users\Administrator\Desktop\monitor.log"

if ((Get-Item $file).length -gt 5Mb) {
Remove-Item $file
}

$d | Out-File $file -Append utf8

We use Windows Management Instrumentation (WMI), a component on Windows machines aimed at managing local and remote computers and collecting information, to get the current load, memory and free disk as a percentage and write it out to a file at C:\monitor.log

As sample output of the command is as follows:

load=5 | memory=36 | disk=29

Make the script run every X mins

Having a script that can get this information is all and good, but we need a way for it to run in the background automatically. To do this we’ll set up a task using Windows Task Scheduler to make our script run every 5 minutes and gather our system information.

Follow these steps to open and set up Task Scheduler:

  1. Click the Start button
  2. Click Control Panel,
  3. Click System and Security
  4. Click Administrative Tools
  5. Double-click Task Scheduler
  6. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation

To schedule a program to start automatically:

  1. Click the Action menu, and then click Create Basic Task.
  2. Type a name for the task and an optional description, and then click Next.
  3. On the following screen, choose Daily as the schedule you want to use, and then click Next.
  4. Click Start a program
  5. The program/script we want to use run is powershell.exe with an argument specifying the location of your script
    Monitoring Windows with Logentries
  6. Click Next then, finish
  7. You will get a prompt to edit it your script further, choose yes
  8. We will schedule our task to run daily, but to repeat every N minutes. In the image below we repeat the task every 1 minute. this can be adjusted to your own specification.

Monitoring Windows with Logentries

Using the Windows Logentries Agent to follow the file

We will now make the Logentries Agent follow your file by opening the Windows LE Agent, clicking follow file and pointing it to the location of the file that is being appended to above. (In the example we used C:/monitor.log)

Using our Tags & Alerts to monitor the Windows Server

Log into your account at https://Logentries.com. You should see your Windows server in the list of hosts with a log being followed called “monitor.log”. Here is where the real power of Logentries comes in, we’re going to Create a Tag / Alert called windows_load which will match the string load and a value that is greater than 80:

  1. Click on the Tags & Alerts tab.
  2. Select or create a label for this pattern match: load>80
  3. Choose your log: monitor.log which this tag will be applied to

Monitoring Windows with Logentries

Next we will create the alert, which is used to notify you via email, webhook or via the Logentries iPhone app:

  1. Simply press the “Add Alert” button at the bottom of the screen
  2. Start filling out the form
  3. Select the frequency of which the notification will trigger
  4. Select how often you wish to be alerted
  5. Insert an email which you want the notification to be sent to when this event occurs

Once complete you will have a monitoring system on your Windows machine which will alert you whenever your load, disk or memory usage is above the given threshold.