This rule raises an alert when there is an alarming trend in the increase of out-of-memory problems in machines with a given amount of installed RAM in the enterprise.
Low Memory
The Memory Leak Diagnoser component of Windows Resource Exhaustion Detection and Resolution (RADAR) provides information about applications that are diagnosed as having memory leaks.
You must review these applications to determine if their linear increase in memory usage represents a true memory leak or if it is expected behavior.
Enable Memory Leak Diagnosis
To enable Memory Leak Diagnosis:
Click Start, click in the Start Search box, type gpedit.msc, and then press ENTER. MMC will start with the Local Group Policy Editor open.
In the navigation tree, expand Computer Configuration, expand Administrative Templates, expand System, expand Troubleshooting and Diagnostics, and click Windows Memory Leak Diagnosis.
In the console pane, right-click Configure Scenario Execution Level, and then click Properties.
On the Setting tab, click Enabled, and then click OK.
Verify that the Memory Leak Diagnoser is enabled
To verify that the Memory Leak Diagnoser is enabled:
Click Start, click in the Start Search box, type gpedit.msc, and then press ENTER. Microsoft Management Console will start with the Local Group Policy snap-in open.
In the navigation tree, expand Computer Configuration, expand Administrative Templates, expand System, expand Troubleshooting and Diagnostics, and double-click Windows Memory Leak Diagnosis.
In the console pane, right-click Configure Scenario Execution Level, and then click Properties.
On the Setting tab, verify that Enabled is selected.
Property | Value |
---|---|
Target | Microsoft.SystemCenter.DataWarehouse |
Category | EventCollection |
Enabled | True |
Alert Generate | True |
Alert Severity | Warning |
Alert Priority | Normal |
Remotable | True |
Alert Message | |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.Client.Win8.SQLProvider | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.Windows.Client.Win8.ComputerGroup.MemoryTrendsRAM" Target="SCDW!Microsoft.SystemCenter.DataWarehouse" Enabled="true" ConfirmDelivery="true" DiscardLevel="60" Remotable="true" Priority="Normal">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Microsoft.Windows.Client.Win8.SQLProvider">
      <Query>
        /* Return each RAM size whose total for the last 7 days is at least
           1.2 times its total for the 7 days before that. */
        SELECT 1, Result.RAM
        FROM Win8.vWin8MemoryHealthAggregationRAM AS Result
        WHERE (SELECT SUM(NumComputers)
               FROM Win8.vWin8MemoryHealthAggregationRAM AS ThisWeek
               WHERE ThisWeek.RAM = Result.RAM
                 AND DATEDIFF(day, ThisWeek.DateTime, GETUTCDATE()) &lt;= 7
               GROUP BY ThisWeek.RAM
              )
              >= 1.2 *
              (SELECT SUM(NumComputers)
               FROM Win8.vWin8MemoryHealthAggregationRAM AS LastWeek
               WHERE LastWeek.RAM = Result.RAM
                 AND DATEDIFF(day, LastWeek.DateTime, GETUTCDATE()) &lt;= 14
                 AND DATEDIFF(day, LastWeek.DateTime, GETUTCDATE()) > 7
               GROUP BY LastWeek.RAM
              )
        GROUP BY Result.RAM
      </Query>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>1</Severity>
      <AlertMessageId>$MPElement[Name="Microsoft.Windows.Client.Win8.ComputerGroup.MemoryTrendsRAM.AlertMessage"]$</AlertMessageId>
      <AlertParameters/>
      <Suppression>
        <SuppressionValue/>
      </Suppression>
    </WriteAction>
  </WriteActions>
</Rule>
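The following T-SQL is an added example, not part of the management pack: it replays the rule's week-over-week comparison against a table variable that stands in for Win8.vWin8MemoryHealthAggregationRAM, showing the exact-threshold case and the case where a RAM size has no prior-week rows. The column names are taken from the rule's query; the table variable, the @now variable and every data value are constructed for illustration.

```sql
-- Constructed stand-in for the view the rule reads (assumed columns: RAM,
-- DateTime, NumComputers, as referenced in the rule's query).
DECLARE @Agg TABLE (RAM int, [DateTime] datetime, NumComputers int);
DECLARE @now datetime = GETUTCDATE();

INSERT INTO @Agg (RAM, [DateTime], NumComputers) VALUES
  (4096,  DATEADD(day,  -2, @now), 30),  -- 4096: 30 + 30 in the current window
  (4096,  DATEADD(day,  -5, @now), 30),
  (4096,  DATEADD(day, -10, @now), 50),  -- 4096: 50 in the prior window (exactly +20%)
  (8192,  DATEADD(day,  -3, @now), 22),  -- 8192: 22 in the current window
  (8192,  DATEADD(day,  -9, @now), 20),  -- 8192: 20 in the prior window (+10%)
  (16384, DATEADD(day,  -1, @now), 40);  -- 16384: current window only, no baseline

-- Same windows as the rule. DATEDIFF(day, ...) counts calendar-day boundaries,
-- so "<= 7" spans day offsets 0..7 (eight dates) while "> 7 AND <= 14" spans
-- 8..14 (seven dates): the current window is one date wider than the prior one.
WITH Weekly AS (
  SELECT RAM,
         SUM(CASE WHEN DATEDIFF(day, [DateTime], @now) <= 7
                  THEN NumComputers END) AS ThisWeek,
         SUM(CASE WHEN DATEDIFF(day, [DateTime], @now) > 7
                   AND DATEDIFF(day, [DateTime], @now) <= 14
                  THEN NumComputers END) AS LastWeek
  FROM @Agg
  GROUP BY RAM
)
SELECT RAM, ThisWeek, LastWeek,
       CASE
         -- The rule's own test: alert when this week >= 1.2 * last week.
         WHEN ThisWeek >= 1.2 * LastWeek THEN 'alert'
         -- With no prior-week rows the right-hand side is NULL, the comparison
         -- evaluates to UNKNOWN, and the rule's WHERE clause drops the row.
         WHEN LastWeek IS NULL THEN 'no baseline: rule stays silent'
         ELSE 'no alert'
       END AS Verdict
FROM Weekly
ORDER BY RAM;
```

A RAM size that first appears in the data this week never satisfies the rule's comparison, so a new hardware class with memory problems stays unreported until it has a prior-week baseline.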