KB-5636: How to add performance counters for DirectAudit collector?

Centrify DirectAudit

12 April,16 at 11:46 AM

Applies to: Centrify DirectAudit 3.2.3 and above


How to add performance counters for DirectAudit collector in Performance Monitor?


Starting from Centrify DirectAudit 3.2.3 (aka Suite 2015.1), audit-specific performance counters are installed automatically on the collector host when the collector is installed. Performance counters can be added to Performance Monitor for analyzing and resolving audit-related issues. Uninstalling the collector will automatically remove all the counters.

Below are detailed steps to add performance counters to Performance Monitor:

1. Log on to a computer with a collector service.

2. Click Start > Administrative Tools > Performance Monitor.


3. Expand Monitoring Tools and select Performance Monitor.

4. Click the green plus (+) icon in the toolbar.

5. Find the DirectAudit Collector from the list, and expand it to show the list of available performance counters.

6. Choose the performance counter and click Add.

7. Repeat Step 6 until all the required counters are added.

8. Click OK.


The performance counters generally fall into one of three categories: agent information, packet volume and data loads.

For example:

Adding the counter # Connected Agent - Admin will be able to view the number of agents currently connected.

Adding the counter # Unix Meta Message Packet - Admin will be able to view the number of Unix meta message packets.

Adding the counter Bytes Unix Command - Admin will be able to view Unix command data in bytes.

The performance counters can also be created and removed by the following command on the collector host: 

collector.config.exe /createcounter | /deletecounter

Note: The collector must be stopped before creating or removing the counters.

Here is the list of new performance counters:

Connected Agent: Number of agents currently connected;
Connected Agent Peak: Peak number of connected agents;
Dropped Agents: Number of agents disconnected due to no timely status updates;
Agent Connect Event: Number of agent connect events;
Agent Disconnect Event: Number of agent disconnect events;
Transient SQL Errors: Number of transient SQL errors;
Request Connection Packet: Number of request connection packets received;
Request Ack Packet: Number of request ack packets received;
Collector Info Request Packet: Number of collector information request packets received;
Start Unix Session Packet: Number of “Start Unix session” packets received;
Continue Unix Session Packet: Number of “Continue Unix session” packets received;
End Unix Session Packet: Number of “End Unix session” packets received;
STDIN Packet: Number of Unix stdin data packets received;
STDOUT Packet: Number of Unix stdout data packets received;
Unix Window Resize Packet: Number of “Unix window resize” packets received;
List Active Unix Session Packet: Number of “List Active Unix session” packets received;
Unix Meta Message Packet: Number of Unix “Meta message” packets received;
Unknown Unix Packet: Number of unsupported packets received from Unix agents;
Bytes STDIN Sent: Number of Unix stdin data bytes received;
Bytes STDOUT Sent: Number of Unix stdout data bytes received;
Unix Command: Number of Unix commands recorded in database;
Bytes Unix Command: Unix command data in bytes recorded in database;
Unix Snapshot: Number of Unix snapshots recorded in database;
Bytes Unix Snapshot: Unix snapshot data stored in database in bytes.
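
The counters listed above can also be read from PowerShell on the collector host, which is useful for alerting on signs of lost audit data. The script below is an added example, not Centrify code. It assumes the counter set is registered under the name shown in Performance Monitor (DirectAudit Collector) and that the counters hold cumulative counts; the watch list and the 60-second interval are illustrative choices.

```powershell
# Added example: poll the DirectAudit collector counters and warn when
# counters that indicate lost or unprocessed audit data increase.
# Assumption: the counter set name matches what Performance Monitor displays.
$setName   = 'DirectAudit Collector'
# Counter names taken from the list above; matched by substring because the
# registered names may carry a prefix such as "# ".
$watchList = 'Dropped Agents', 'Transient SQL Errors', 'Unknown Unix Packet'
$interval  = 60   # seconds between samples (illustrative)

$set = Get-Counter -ListSet $setName -ErrorAction SilentlyContinue
if (-not $set) {
    Write-Error "Counter set '$setName' not found. Is the collector installed on this host?"
    return
}

function Get-CollectorSnapshot {
    param([string[]]$Paths)
    $snapshot = @{}
    foreach ($sample in (Get-Counter -Counter $Paths -ErrorAction Stop).CounterSamples) {
        # Sample paths look like \\host\set\counter; keep only the counter name.
        $name = ($sample.Path -split '\\')[-1]
        $snapshot[$name] = $sample.CookedValue
    }
    return $snapshot
}

$previous = Get-CollectorSnapshot -Paths $set.Paths
while ($true) {
    Start-Sleep -Seconds $interval
    $current = Get-CollectorSnapshot -Paths $set.Paths
    foreach ($name in $current.Keys) {
        foreach ($watched in $watchList) {
            # -like is case-insensitive; Get-Counter returns lower-cased paths.
            if ($name -like "*$watched*" -and $current[$name] -gt $previous[$name]) {
                Write-Warning ("{0} {1}: {2} -> {3}" -f (Get-Date -Format s),
                    $name, $previous[$name], $current[$name])
            }
        }
    }
    $previous = $current
}
```

Run `(Get-Counter -ListSet 'DirectAudit Collector').Paths` first to confirm the exact counter names registered on the host before relying on the watch list.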


