Using MSSQL log collector (Lazylog )

Available in Classic and VPC

Introduction

MSSQL Log collector (LazyLog) overview and required content

Log collector overview [Must Read]

When running SQL Server, it is very important to collect the settings of the monitored server, the query performance of the program, the event log of the server, and the baselines of the performance counters.
Without this baseline data, it can take a long time to determine whether the current service is normal (or different from yesterday). Therefore, Naver Cloud deploys the SQL Server log collector program. The collected data is required data for failure analysis or performance analysis (Windows performance counter, Windows event log, SQL error log Agent log, query syntax, query execution plan, Pending, lock, etc. required DMV snapshot).

Log Collection Console application (LazyLog) supports SQL Server 2008, 2012, 2014, 2016, and as far as server resources allow, it supports unlimited destination servers, multiple SQL instances, and multiple databases. You can run multiple log collector programs on one server at the same time. You can separate the folders and run them separately. Grouping similar server groups together makes it easier to determine whether they are normal by comparing server settings or resource usage. Therefore, it is recommended that you isolate and configure the objects appropriately. If you monitor multiple monitored SQL servers in a single group, you can also use it as a Windows service program. (After Setup is complete, run Setup.exe and edit the settings file to start the service).

LazyLog accesses target server based on user defined value (SqlLogManManager) to collect specific data, and automatically deletes data that exceeds the storage period.
If you set the collection period too short, it can save a lot of logs and make the database for data storage very large, or the collection program may malfunction. Therefore, you should adjust the collection period and set the data storage period appropriately. It is also recommended that at least 3GB of free memory is left for the program to run. (This extra free memory is the memory that you need to reserve in addition to the memory you need to leave in the OS when you run SQL Server.) The log collection program temporarily stores data received from multiple monitored servers in memory and Bulk Insert them into the SQL Server repository database.

If the managed SQL server is very important, you will not want the application to be installed on that SQL server. LazyLog is developed to be able to collect all data remotely and can also monitor a local SQL server. The program is collecting and analyzing logs for dozens of SQL servers performing several TB capacity and tens of thousands of Batch Requests per second. Windows impersonation and SQL authentication are supported for remote logon and data collection. It requires proper permissions and firewall opening to remotely read performance counters and event logs.

Windows authentication (Active Directory or WorkGroup) must be used to collect Windows performance counters and event logs, and Windows authentication and SQL authentication are supported for SQL Server status monitoring. (SQL authentication is recommended, and SQL authentication is set as default.) You must create and use an encrypted value through the LazyLog.exe program for account password setting (for secure password storage). Settings are stored in two places. The first XML file named LazyLog.exe.config stores global setting information, information setting database access information, and database setting information for storing collected information. In the second database called SqlLogManManger, the target server access information must be entered.

You can complete the setup quickly if you install after testing your account and permissions first for the following on the server where the log collector application (LazyLog.exe) or service application is to be installed: (1) whether the database containing the monitored server information (SqlLogManManger) and the database for storing collected data (SqlLogManDmvRepository, SqlLogManPerfmonRepository) server are accessible;
(2) whether performance counter monitoring is possible for the monitored server;
(3) whether monitored SQL Server is accessible.

If the collection repository database is slow, the log collector program memory may be used excessively, so we recommend that you run the log collector program separately from the database server. If you are monitoring multiple servers, SSD is recommended for repository storage. Monitor a small number of servers and slowly extend the target. Increase the monitoring target server by determining the resource usage of the log collector program in the collection operating server environment. Log collection program error information is created for each daily item in the Log folder. If there is a problem with the collection, refer to it.

Configuration guide

MSSQL Log collector (LazyLog) installation structure

How to configure the log collector

Since the log collector can be remotely collected, it is recommended to install it separately from the collection target server, but it can be installed directly on the collection target server. Here are some examples of installable configurations. This installation guide is based on a local installation with no restrictions on firewalls and account settings (Configuration sample 1). Try local configuration first, learn how to configure and use the LazyLog applications, and then try the remote collection.

Configuration sample 1

database-2-2-0_en

Configuration sample 1 is the simplest configuration and is the configuration to learn how to use LazyLog.

This configuration does not require a firewall setting. You can install the log collector directly on the monitored SQL Server and create the monitoring database on the same SQL Server. In this case, the speed of performance counter or event log collection is high because it is not through the network. However, if the log collection program runs abnormally (usually due to problems when the Agent program is running on the operating server) or the capacity of the SQL monitoring database is increased, it may affect the operating server and is not recommended.

If you are monitoring only one server, only DMV and performance counter information is stored in the database, and event logs do not need to be stored in the database. (That is because it may be better to query the event log directly.) However, when you want to send an alarm for a specific event, you can manage it more conveniently by storing the event log in SqlLogManPerfmonRepository (which is the default repository name and can be changed).

Configuration sample 2

database-2-2-1_en

Configuration sample 2 is the recommended model for most monitoring servers.

You do not install any programs on your server; you need to configure Monitoring Server separately to install SQL Server on that server and create ManagerDB(SqlLogManManager), DMV Repository(SqlLogManDmvRepository), Perfmon EventLog(SqlLogManPerfmonRepository). The log collector program collects information remotely against the monitored server and stores the data in the SQL monitoring database.

Configuring the monitoring server separately and monitoring multiple servers can have a network bandwidth burden on the performance counter collection. Modify and use the Perfmon metrics in the Config table of the Manager database appropriately. (Default values for deployed programs are set to appropriate values for monitoring remote servers in the same IDC.)

To verify whether a monitoring server has a problem, or if a problem with the monitored server occurs due to monitoring, block the account information set on the monitoring server or stop the collection program from the monitored collection server.
The advantage is that you can easily verify if monitoring is causing problems for the database.

This monitoring model has a problem that if the monitored server has few resources (target server CPU 100%) so that the monitoring query does not work, it may not collect data. This is a unavoidable problem in the remote monitoring model. Even if Configuration sample 1 is applied, monitoring data may not be saved due to a complete lack of resources.

Some ISP providers cannot open port 445, so it is recommended that Monitoring Server be installed on the same IDC as the monitored server. This model may cost heavy licensing fees because independent SQL Server is used for monitoring only. An appropriate CAL license model may be helpful.

Configuration sample 3

database-2-2-2_en

If you have SQL Server licensing issues, you can install and run the monitoring program and monitoring database together on a server with low server usage.

Configuration sample 4

database-2-2-3_en

If the resource usage of the log collector program is burdensome, you can configure only the monitoring program using another server. In addition, you can mix the configurations of the Configuration sample 1, 2, 3, and 4 as appropriate.
However, if the SQL monitoring database is configured as a different instance or server as in Configuration sample 4, then two preconfigured synonyms must be modified accordingly to ensure normal monitoring.
(Synonyms include SN_CounterDetailsd located in the SqlLogManManager database and CounterDetailsAutoUpdated located in the SqlLogManPerformanceRepository database.)

Synonyms:
https://msdn.microsoft.com/ko-kr/library/ms187552.aspx

Collection data

Data that can be collected from MSSQL Log collector (LazyLog)

Performance counter

Windows performance counters can be collected, and it reads which counter is on the server based on the SqlLogManManager.dbo.CounterDetailsFilterinfo table information. The read counter is stored in SqlLogManManager.dbo.CounterDetailsAutoUpdated.
The FilterType [IN] in SqlLogManManager.dbo.CounterDetailsFilterinfo refers to the object to be collected, and FilterType [NOTIN] is the object to be excluded.
This value can be modified by the user after installation.

database-2-2-310_en

SqlLogManManager.dbo.CounterDetailsFilterInfo

database-2-2-311_en

SqlLogManManager.dbo.CounterDetailsAutoUpdated

The configuration of this table is the same as the Windows performance counter schema, and all the counter information corresponding to the above filter information is stored. Only the IsEnabledYN field has been added, but only the Y field is stored in the SqlLogManPerfmonRepository database every 15 seconds. (Storage interval limit: local minimum 5 seconds, remote minimum 15 seconds)
The tables that are actually stored are CounterData, CounterDetails, and DisplayToID of the SqlLogManPerfmonRepository. If you want to modify the default collection Y metrics, you can update it by modifying UpdateCounterDetailsY.sql under Resources in the installation folder. It is designed to input Free, Total, and Used Megabytes for each disk volume that is not in the original counter metrics. We hope you find it useful.

For the schema of these three tables, please refer to https://msdn.microsoft.com/en-us/library/aa371915(VS.85).aspx.

database-2-2-312_en

database-2-2-313_en

database-2-2-314_en

database-2-2-315_en

Free, Total, Used Megabytes for each disk volume

If the collection is successful, you can view the data as follows.

SQLCMD command [server]

select * from SqlLogManPerfmonRepository.[dbo].[DisplayToID]
select * from SqlLogManPerfmonRepository.[dbo].[CounterDetails]
select * from SqlLogManPerfmonRepository.[dbo].[CounterData]

database-2-2-316_en

Query result of normal running data from SSMS

After executing odbcad32 on Windows Run (ODBC Data Source Administrator (64 bit)) and performing configurations, connect to Windows built-in performance counter program to view the saved history. (Windows accounts only, so the Windows account must have login and data_reader permissions to the monitoring collection server.)

database-2-2-317_en

ODBC configuration

database-2-2-318_en

View data collected from LazyLog via Perfmon application

Event Log

It is possible to read the server's Application, Security, Setup, and System event logs. It is also possible to filter and store specific information. Each server's filter for this event information is defined in ItemOption in the SqlLogManManager.dbo.CollectItem table.

database-2-2-320_en

This information was entered through the SqlLogManManager.dbo.usp_register_CollectItem procedure, based on the SqlLogManManager.dbo.CollectItemTemplate table, and can be individually or fully modified.

SQLCMD command

select * from SqlLogManPerfmonRepository.[dbo].[EventLogApplication]
select * from SqlLogManPerfmonRepository.[dbo].[EventLogSecurity]
select * from SqlLogManPerfmonRepository.[dbo].[EventLogSetup]
select * from SqlLogManPerfmonRepository.[dbo].[EventLogSystem]

database-2-2-321_en

Query result when the application log is saved via LazyLog

Stored event logs are stored as they are read directly from the Windows default eventvwr applications. We have added the IsCheckedYN field for sending SMS, so it is useful for sending messages about specific events. In the example, EventLogSecurity, EventLogSetup, and EventLogSystem are metrics that can be added directly to the default monitoring.

DMV (Dynamic Management View)

It collects and stores the performance status of Always On Availability, current status, resource usage per query, query, query plan, lock, pending analysis, I/O amount per file, index structure, statistics date, server memory status, and agent execution history.
LazyLog collects most of the information that will help you to operate and troubleshoot SQL Server. For detailed monitoring metrics, refer to the table below.

Metrics name	Priority	Metrics type	Metrics category	Description
availability_replicas	2	AG (Availability Group)	DMV	Availability Replica Information
dm_hadr_auto_page_repair	2	AG (Availability Group)	DMV	Information about attempted automatic page recovery on all availability databases of an availability replica
dm_hadr_availability _group_states	2	AG (Availability Group)	DMV	Information about each AlwaysOn availability group with availability replicas in the local instance
dm_hadr_availability _replica_cluster_nodes	2	AG (Availability Group)	DMV	Information about all availability replicas of AlwaysOn availability groups in a WSFC cluster
dm_hadr_availability _replica_cluster_states	2	AG (Availability Group)	DMV	Information about each AlwaysOn availability replica of all AlwaysOn availability groups in the WSFC cluster (regardless of replica location or join state)
dm_hadr_availability _replica_states	2	AG (Availability Group)	DMV	A local replica of the same AlwaysOn availability group, which returns a row for each local availability replica and a row for each remote availability replica
dm_hadr_cluster	2	AG (Availability Group)	DMV	Returns cluster name and quorum information
dm_hadr_cluster_members	2	AG (Availability Group)	DMV	If the WSFC node has a quorum, returns a row for each member that makes up the quorum and the status of each member
dm_hadr_database_replica _cluster_states	2	AG (Availability Group)	DMV	Information about the Availability database status in the AlwaysOn Availability group
dm_hadr_database _replica_states	1	AG (Availability Group)	DMV	You can monitor the capacity accumulated in the current primary server queue, the speed from the primary to the secondary, the capacity accumulated in the secondary queue redo, and the secondary redo reflection rate. This is required monitoring metrics when creating new indexes, editing large amounts of data, etc.
dm_hadr_name_id_map	2	AG (Availability Group)	DMV	Information about AlwaysOn Availability Group Mapping
database_principals	3	Config	DMV	The login status created in the database. Information such as the account creation date, SID, default database, etc.
dbcc_loginfo	1	Config	DMV	You can determine the number of VLF (Virtual Log File) in the database log file or how many active log files are currently in use. The number of VLF files must be less than 100, and if this number is excessive, the SQL Server startup may be very slow or backup recovery may be very slow.
dbcc_tracestatus	1	Config	DMV	TraceFlag information activated in the database
dm_os_sys_info	2	Config	DMV	Physical Memory Capacity, Commit Memory Capacity, SQL Server Start Time, SQL Server Version, etc.
dm_server_services	2	Config	DMV	SQL Service startup type, current status, Service Account, etc. of the server, such as SQL Server, SQL Server Agent, Full-text Daemon etc.
dm_xe_sessions	2	Config	DMV	Information about all extended events running on the server
fn_trace_getinfo	2	Config	DMV	Information about all active Profiler
identity_columns	1	Config	DMV	The maximum and current values of all identity property of the database being monitored.
server_principals	2	Config	DMV	Any login related information on the server
server_triggers	2	Config	DMV	All information in the server level trigger (e.g. Login trigger)
sp_configure	1	Config	DMV	Server configuration information
sysaltfiles	2	Config	DMV	Database size, auto increment setting
sysdatabases	1	Config	DMV	Database status values (If the log is not truncated, you can see why it is not truncated, or you can see information about page verify options, recovery model, etc.)
sysjobs	2	Config	DMV	You can see all the reservation work information and enabled or disabled information
backupset	1	Log	DMV	Information about database backup sets
sp_readerrorlog	1	Log	DMV	SQL Server error log information (Agent error information is also included. For Express Edition, ItemOption must be set to SqlAgentLog=False)
sysjobhistory	1	Log	DMV	Result of reservation execution
dbcc_memorystatus	3	Performance	DMV	The most detailed level of memory on the server. You can gather more information when there are memory-related errors on the server.
dbcc_sqlperf_logspace	1	Performance	DMV	You can see the usage of the log file (LDF file). In case of AG environment or mirroring environment, the remaining space cannot be estimated by status information of DBCC Loginfo. (by design)
dm_db_index_usage_stats	1	Performance	DMV	Index Usage Status Value (It saves Cluster non-cluster, index size, complex column order, statistics update date, unique status, Filtered index status, active status, index seek scan count, etc. However, fragmentation information is not collected due to runtime problems.
dm_db_missing_index _group_stats	2	Performance	DMV	It shows the performance improvement when creating the indexes and indexes suggested by the additional index recommendation feature.
dm_db_task_space_usage	2	Performance	DMV	It is for TEMPDB space tracking. It shows how much space is allocated to the TEMPDB by a query.
dm_exec_query_stats2	1	Performance	DMV	It collects 1-minute statistics per query and returns statistics such as CPU, Reads, Execution Count, and Elapsed Time. It also stores the associated Query String and query execution plan. 1-minute Statistics table: dm_exec_query_stats2_b_summary Actual query table: dm_exec_query_stats2_b_statement Query plan table: dm_exec_query_stats2_b_query_plan Actual query statistics default data (1 hour): dm_exec_query_stats2_b
dm_io_virtual_file_stats	2	Performance	DMV	It returns I/O statistics for data files and log files. If there are multiple files on one physical disk, this is a key value to determine which file generates the most I/O.
dm_os_memory_clerks	2	Performance	DMV	It returns all currently active memory clocks in the SQL Server instance. As most of the memory allocations used by SQL Server are used after registering with the DMV, it is often used to track memory usage or to identify objects that show excessive memory usage.
dm_os_wait_stats	1	Performance	DMV	It shows the wait time for query completion. It is recorded as a cumulative value. If you query the difference between the past value and the present value at regular intervals, you can see what kind of waiting is often occurring.
dm_os_workers	1	Performance	DMV	It returns the currently active query and status value. It is designed to contain both the user queries that are currently being performed on SQL Server and the actions that occur on the system, giving you the best insight into the server status that is currently running. (dm_exec_query_stats2 has statistics that have completed the operation, and dm_os_workers has resource usage information of the currently executing query.)
sp_lock2	1	Performance	DMV	It is designed to output SQL Server lock information in Tree format, and Cause Query analysis is possible. (e.g.: LockTree results of 65 > 70 > 81 is a description that the spid 65 is the cause of the lock, and the spid 70 and 81 are waiting to be executed [Unable to perform with lock].) The collection period needs to be adjusted according to the operating environment. The default value is 10 seconds, but it is also a good idea to shorten the collection period as needed.
sp_spaceused	1	Performance	DMV	Outputs the table's row count and space usage information.
suspect_pages	1	Performance	DMV	Outputs inconsistent page information. You can monitor 823 and 824 errors. 823 and 824 errors may be due to a problem with physical hardware storage consistency and may require hardware checks.
Application	1	Log	EVENTLOG	Gets the application information of the event log. Add filter conditions to collect only the data of the desired condition.
Security	3	Log	EVENTLOG	Gets the Security information of the event log. Add filter conditions to collect only the data of the desired condition.
Setup	3	Log	EVENTLOG	Gets the Setup information of the event log. Add filter conditions to collect only the data of the desired condition.
System	3	Log	EVENTLOG	Gets the System information of the event log. Add filter conditions to collect only the data of the desired condition.
BaselineCollect	1	Performacne	PERFMON	Gets the Performance Counter value. Gets the predefined Performance Counter values, and predefined counters are monitored in the Resources folder under the installation folder based on the UpdateCounterDetailsY.sql value. To change the monitoring defaults, change the query or individually adjust the IsEnabledYN value in the CounterDetailsAutoUpdated table in the SqlLogManManager database. If you need additional performance counter information, edit the filter information in the CounterDetailsFilterInfo table.

To prioritize, what LazyLog developers should mainly focus on when monitoring SQL Server is set to 1. A special troubleshooting, or cases with low priority are set to 3.
If you do not have a particular problem, enable all settings to monitor. If you have storage issues, change or delete the collection period of items to adjust the time limit.

Database schema

MSSQL Log collector (LazyLog) database structure

SqlLogManManager

A table for storing the collected server information and all the settings related to the collection setting is contained in this database. (If you only back up this database and the lazylog.exe.config file, you can recover the collection server at any time.)

Table name	Column name	Description
Table name	Column name	Description	CollectItem	CollectId	Auto increment value
ItemType	It can contain DMV / EVENTLOG / PERFMON values.
ItemName	Contains values such as dm_os_workers, dm_os_waitstats, and dm_exec_query_stats2. If the item is DMV, it is saved as ItemName_b in the SqlLogManDmvRepository. In case of dm_exec_query_stats2 item, a table is added. The result is saved as the dm_exec_query_stats2_b, dm_exec_query_stats2_b_query_plan, dm_exec_query_stats2_b_statement, dm_exec_query_stats2_b_summary table. Every ItemName is stored in the CollectItemTemplate table with default values.
ItemDesc	The classification value divided into PERF, CONFIG, and LOG, which do not perform any special operation in the program.
MachineId	MachineId value of the monitored server registered in the Machine table
SqlInstanceId	SqlInstanceId value stored in MachineSqlInstance
DatabaseName	The default database value for the Connection String. Some items are not collected in the master database and must be connected directly to the user database. The CollectitemTemplate is separated by master and UserDatabase. Items categorized as UserDatabase must be set after the default item is successfully collected first.
CollectIntervalSec	Collection period seconds
IsNtAuthYN	It can have a Y / N value, which is a value that distinguishes between NT authentication and SQL authentication. PERFMON and EVENTLOG among ItemType must set IsNtAuthYN to Y. DMV related items can have a Y/N value. If IsNtAuthYN is Y, DMV related items accesses after attempting Windows Impersonation using PortDefault information in the MachineName, MachinePublicIp, NtUserName, NtPassword, NtDomain, and MachineSqlInstance tables of the Machine table when trying to find the monitored server. If the target server is a domain environment, enter the domain (e.g.: minsouk.com) in NtDomain and if not, enter the hostname (e.g.: LocalMachineHostnmaeA). If N, it works as SQL authentication and is accessed by using SqlUsername, SqlPassword, PortDefault value in MachinePublicIp, MachineSqlInstance tables of Machine. EVENTLOG and PERFMON are accessed using MachineName instead of MachinePublicIp. Therefore, register the hostname in domain for AD environment, if it is not registered hostname in windows/system32/drivers/etc/hosts, and then enter in NtDomain to collect normally.
IsEnabledYN	It can have a Y / N value, and if it is N, the item will not be collected.
PurgeIntervalSec	It is recommended to set it equal to the collected stored data deletion cycle seconds and the collection period.
PurgeDurationHH	It is the time limit to store the data. If you enter 24, data older than 24 hours will be automatically deleted if IsPurgeEnabledYN is Y.
IsPurgeEnabledYN	It has Y / N value. If it is Y, it deletes data.
ItemOption	It can have topCnt, SrcDelHH, IsNewDmv, isGatherQueryStatement, isGatherQueryPlan options in db_exec_query_stats2_b. topCnt records the maximum value when dm_exec_query_stats is sorted by last_execution_time desc and retrieved as top. The default value is 20000. It is the data retention time of SrcDelHH dm_exec_query_stats2_b. The default is 1, which is 1 hour. It is not necessary to keep it for more than one hour unless it is a special case. This is because the total values are stored separately in dm_exec_query_stats2_b_summary. isNewDmv can collect the total_dop ~ max_used_threads values from SQL Server 2012 SP3. As it is different for each SP version, the default is set to false. If you collect dm_exec_query_stats with this value, you can enter true. isGatherQueryStatement is whether the query statement is collected. The default value is true. isGatherQueryPlan is whether the plan is collected. The default value is true. Set to false if there are a lot of plans that run with ad-hoc queries. Even if it is set to true, the plan is collected at the minimum load. Query statements and plans collect 100 queries that cause a peak load in one minute. For EVENTLOG Security, filter conditions can be specified. The default value is filter \| and \[System[EventID != '4674']] and \[System[EventID != '4624']] and \[System[EventID != '4634']] and \[System[EventID != '4672']] and \[System[EventID != '5447']] and \[System[EventID !='4673']] and \[System[EventID != '4776']] and \[System[EventID != '4670']] . For PERFMON BaselineCollect, it can have the counterReload option and the default is Y. When all performance counter collection on the server is complete, it automatically changes to N.
CollectItemTemplate		It is the table that stores the collection default values. IsEnabledYN are all set to N. For isNtAuthYN, EVENTLOG and PERFMON are set to Y and DMV related metrics are set to N. When registering an item using usp_register_CollectItem storage procedure, refer to this value to perform.
Config	Type	It can have PERFMON / EVENTLOG / DMV values.
	Name	Item Name CollectPerServerItemSleepMiliSec: It is the idle time (Thread.Sleep value) between items when collecting performance counter items. For a remote server in the same IDC, we recommend 150. For example, if the performance counter collection interval is 10 seconds and the collection performance counter item is 10, then CollectPerServerItemSleepMiliSec will be up to 1000 ms. This value depends on the items collected by the server and the collection period. It is possible to set a minimum of 1000 ms between collection intervals, but it is recommended to set it up to about 900 ms. The minimum value must be at least 25 ms. For a local server, this can be set to a shorter time. CollectIntervalSec: Performance counter collection period. The default value is 15 seconds. For remote servers, you must set a value of at least 15 seconds. You cannot give different values per server. If you add performance counters for the target server, this value should be changed. CounterDetailsThreads: When collecting the first performance counter, you must read each counter information. This value filters performance counter categories through the CounterDetailsFilterInfo table setting. Reading too many server performance counters at once can cause network bottlenecks, so you can set them up appropriately. If it is set to 1, performance counter information is collected from one server at a time. This value controls the concurrent number of SemaphoreSlim classes in the collection program. If you want to collect from all of the collected servers simultaneously, you can enter the number of collected servers. It is recommended that you apply a default of 1 to collect sequentially. PerfmonReset: During the execution of the LazyLog.exe program, if the Value of the entry is updated to Y, only the performance counter will restart collection after a few seconds. This is an option to not restart the entire collection program. Shutting down and restarting the LazyLog.exe program performs the same action. DmvReset: During the execution of the LazyLog.exe program, if the Value of the entry is updated to Y, only the DMV will restart collection after a few seconds. This is an option to not restart the entire collection program. Shutting down and restarting the LazyLog.exe program performs the same action. EventLogReset LazyLog.exe: During the execution of the program, if the Value of the entry is updated to Y, only the event log will restart collection after a few seconds. This is an option to not restart the entire collection program. Shutting down and restarting the LazyLog.exe program performs the same action.
	Value	All of it is a character value. However, it is used in the program by converting properly. (Refer to the description of "Name" above.)
CounterDetailsAutoUpdated		To collect performance counter, it is read from the server based on the CounterDetailsFilterInfo table value. CounterDetailAutoUpdated is the initial storage location of the performance counter information read from the server. By default, counters with IsEnabledYN set to Y are set by the UpdateCounterDetailsY.sql value in the Resources folder under lazylog.exe. If you want to add performance counters, edit the IsEnabledYN value of the metrics in the CounterDetailsAutoUpdated table in the SqlLogManManager database to Y and set to counterReload=Y in the performance counter metrics ItemOption for the server in the CollectItem. (The procedure for changing the performance counter set to Y to N is the same.)
CounterDetailsFilterInfo	idx	identity value
	FilterType	You can set the IN / NOTIN value. Based on ObjectName, IN is include, NOTIN is not collected.
	ObjectName	ObjectName of performance counter.
Machine	MachineId	identity value
	IdcName	Not used
	MachineName	Used in EventLogSession class to collect the EventLog. Used in PerformanceCounter class to collect the PERFMON. If it is not an ActiveDirectory environment, hostname and IP must be registered in windows/system32/etc/hosts.
	MachinePublicIp	Server access IP when collecting DMV
	MachinePrivateIp	Not used
	MachineClusterIp	Not used
	MachineAgIp	Not used
	NtUserName	Account name to use for Windows Impersonation authentication
	NtPassword	The password to use with Windows Impersonation Authentication. You need to enter the encrypted value obtained by performing lazylog.exe "password". The encrypted password is decrypted and used as a normal password value within the program.
	NtDomain	The domain name to use for Windows Impersonation authentication. If it is not an Active Directory environment, you must enter a hostname.
	NtSessionAuthenticationType	Supports KERBEROS, NEGOTIATE, NTLM, and DEFAULT. It is used in the EventLogSession class. The default value is DEFAULT.
	IsEnabledYN	Y / N can be set. If N, all items on that server are not collected. (Restart lazylog.exe or adjust the Config value to restart the collection.)
MachineSqlDatabase	MachineId	MachineId value in the Machine table
	SqlInstanceId	SqlInstanceId value in the MacineSqlInstance table
	DatabaseName	Database names collected in sysdatabases_b in the SqlLogManDmvRepository database
	DatabaseDesc	Not used
	IsEnabledYN	Determines whether to script when creating by using the usp_register_CollectItem storage procedure. N is not scripted.
CollectItem	CollectId	Not used

SqlLogManDmvRepository

This is the database where the DMV collection result data is stored.

Table name	Column name	Description
All tables with \_b (baseline semantics) in ItemName in the CollectItem table of the SqlLogManManager database	idx	identity value
	MachineName	Server host name to collect
	FullinstanceName	SQL Server instance name to collect
	probe_time	Collection Request Time
	etc	Analogy based on each itemname command
dm_exec_query_stats2_b		dm_exec_query_stats2 item data
dm_exec_query_stats2_b_summary		The delta value of dm_exec_query_stats2_b (the delta value for one minute based on the current setting) This table is created based on the past value only when dm_exec_query_stats_b is collected at least 3 times.
dm_exec_query_stats2_b_statement		Query statement corresponding to query_hash in dm_exec_query_stats2_b_summary
dm_exec_query_stats2_b_query_plan		xml plan corresponding to plan_handle in dm_exec_query_stats2_b_summary

SqlLogManPerfmonRepository

This is the database that stores performance counters and event logs.

Table name	Column name	Description
CounterData		Follows the Performance counter default database schema (Collected performance values)
CounterDetails		Follows the Performance counter default database schema (Collected performance counter types)
DisplayToID		Follows the Performance counter default database schema (The collection performance counter Set definition; the PerfmonItemName value of lazylog.exe.config, BaselineCollect, is used as the DisplayString.
EventLogApplication		Application information of Windows Event Log (At the initial collection, it gets logs since 30 minutes prior.)
EventLogSecurity		Security of Windows Event Log (At the initial collection, it gets logs since 1 minute prior.)
EventLogSetup		Setup of Windows Event Log (At the initial collection, it gets logs since 1 day prior.)
EventLogSystem		Log System of Windows Event (At the initial collection, it gets logs since 30 minutes prior.)

Install

MSSQL Log collector (LazyLog) installation guide

Install program

Overview

If you save your password as plain text, you will have to re-encrypt your password because there is a hacking or security problem. [Required]
In order to read performance counters and event logs from the monitored server, Windows account settings, permission settings, required service startup, and firewall settings are required on the target server.
You must first check if the monitor server is able to query performance counters, event logs, and DMVs for monitored servers.
Create three repository databases.
The lazylog.exe.config file records the database in which the metrics global settings and collector settings are stored and the database information where the collection results are stored.
Save the connection information of the collected server to the SqlLogManManager database.
Register collection items for each server in the SqlLogManManager database. (Whether to collect performance counters, collect each metrics of event log, collect each metrics of DMV, etc.)

Due to the complexity of the setup, we provide the procedure to create the registration script. You can create the script and run it in SQLCMD or SSMS.

There are basic collections and extended collections. For extended collections

SqlLogManDmvRepository.dbo.sysdatabases_b collection must be completed. (Need to collect sysdatabases among the default items)

The SqlLogManDmvRepository database stores SQL Server related monitoring metrics.
The SqlLogManPerfmonRepository database stores performance counters and event log collection results.

Install Console mode

If you unzip the LazyLog.zip, you will see the following files.

database-2-2-520_en

Metrics	Description
Resources	UpdateCounterDetailsY.sql File exists
SQLScript	SQL script file used in Windows command set and install step exists
LazyLog.exe	Log collector program (Console applications)
LazyLog.exe.config	Log collector configuration file (XML configuration file)
LazyLogService.zip	Log collector program (Application installation files for Service installation)

If you do not check the file extension in the Explorer view options, LazyLog.exe looks like LazyLog and LazyLog.exe.config looks like LazyLog.exe. Be careful not to confuse LazyLog.exe.config with LazyLog.exe.

Create password

The password used by LazyLog must use the encrypted string created by LazyLog. Encrypted string is created by entering the LazyLog "password string" in cmd. Below is an example that created three passwords. It is also a good idea to set the same password for all test settings. However, passwords for each server may be different in an actual monitoring environment.
You can set up even easier if you also practice creating passwords like the guides for tests.

database-2-2-521_en

Set monitored server

Set server
lazyNtUser is the Windows impersonation authentication account to be set in the SqlLogManManager database. Below is the command to execute on the monitored server, and it must be run in administrator mode. If the monitoring repository server and the monitored server are the same, the following red command is not required.

Windows CMD commands [client]

sc config remoteregistry start=auto
net start remoteregistry
netsh advfirewall firewall set rule name="Netlogon service(NP-In)" new enable=yes
net user lazyNtUser P@ssw0rd2 /ADD
net localgroup "Performance Log Users" lazyNtUser /add
net localgroup "Performance Monitor Users" lazyNtUser /add
net localgroup "Event Log Readers" lazyNtUser /add

Set SQL Server
An account called lazyClient is the account information that will be set in the SqlLogManManager database. As an SQL Server administrator, run the following command in SQLCMD mode: Open the L03_Account_lazyClient.sql file in the SQLScript subfolder.

SQLCMD command [Client]

-- Edit variable
:setvar AccountName lazyClient
:setvar AccountPassword P@ssw0rd1
-- End edit variable

The lazyClient SQL authentication account is created with the password P@ssw0rd1.

Operate all SQL query statements of this guide in SQLCMD mode. To operate in SQLCMD mode in SSMS, refer to the description below.


How to convert SQLCMD mode	Normal mode	SQLCMD mode (The variable part is inverted)

Create monitoring repository database

Create a folder to create the repository database.

Windows CMD command

mkdir c:\lazylog

You should create the folder. (The database name can be freely changed, and the database will be created in the folder later.) Keep it as it is for the first exercise.

Open the L01_InitScript.sql file in the SQLScript subfolder.

SQLCMD command

-- Edit variable
:setvar SqlLogManManagerDatabase SqlLogManManager
:setvar SqlLogManManagerMdfPath c:\lazylog
:setvar SqlLogManManagerLdfPath c:\lazylog
:setvar SqlLogManDmvRepositoryDatabase SqlLogManDmvRepository
:setvar SqlLogManDmvRepositoryMdfPath c:\lazylog
:setvar SqlLogManDmvRepositoryLdfPath c:\lazylog
:setvar SqlLogManPerfmonRepositoryDatabase SqlLogManPerfmonRepository
:setvar SqlLogManPerfmonRepositoryMdfPath c:\lazylog
:setvar SqlLogManPerfmonRepositoryLdfPath c:\lazylog
-- End edit variable

This script creates three databases: SqlLogManManager, SqlLogManDmvRepository, and SqlLogManPerfmonRepository. Check the variable modification section and execute in SQLCMD mode. Three databases are created as shown below.
database-2-2-525_en

Create an account for the monitoring repository

Create an account to access the database created in the step above.

Open the L02_Account_lazyServer.sql file in the SQLScript subfolder.

SQLCMD command

-- Edit variable
:setvar AccountName lazyServer
:setvar AccountPassword P@ssw0rd3
-- End edit variable

Modify the variable and execute it in SQLCMD mode.
Be sure to test whether you can log in to the monitoring repository server as SSMS with ip, port, and account from where lazylog application is running. (If you log in as SSMS, access via the original password P@ssw0rd3) If you set it to GUI, you may need to change your password before you can log in depending on the option. For the lazyServer password, P@ssw0rd3, enter the value encrypted as qcWa7DCqnN7vqMZ6b9ilzw== when you put it in Lazylog.exe.config.
On the server running LazyLog.exe file with the created account and IP password, test the IP and Port access to the repository database server.

Set LazyLog.exe.config

This file is the step where the LazyLog application enters information to access the database created in the above step.

You can edit it with notepad. Edit the IP, Port, account name, and encrypted account password appropriately. You should set after testing whether it can access SSMS if you access via 127.0.0.1,1433.

<appSettings>
  <add key="FileLogYN" value="Y" />
  <add key="UsePerfmonYN" value="Y" />
  <add key="UseEventmonYN" value="Y" />
  <add key="UseSqlmonYN" value="Y" />
  <add key="UseLocalKey" value="Y" />
  <add key="NClavisKey" value="" />

  <add key="PerfmonItemName" value="BaselineCollect" />

  <add key="SqlLogManManagerInstanceName" value="AD01047147" />
  <add key="SqlLogManManagerIP" value="127.0.0.1" />
  <add key="SqlLogManManagerPort" value="1433" />
  <add key="SqlLogManManagerDatabase" value="SqlLogManManager" />
  <add key="SqlLogManManagerIsNtAuthYN" value="N" />
  <add key="SqlLogManManagerUserName" value="lazyServer" />
  <add key="SqlLogManManagerPassword" value="qcWa7DCqnN7vqMZ6b9ilzw==" />

  <add key="SqlLogManDmvRepositoryInstanceName" value="AD01047147" />
  <add key="SqlLogManDmvRepositoryIP" value="127.0.0.1" />
  <add key="SqlLogManDmvRepositoryPort" value="1433" />
  <add key="SqlLogManDmvRepositoryDatabase" value="SqlLogManDmvRepository" />
  <add key="SqlLogManDmvRepositoryIsNtAuthYN" value="N" />
  <add key="SqlLogManDmvRepositoryUserName" value="lazyServer" />
  <add key="SqlLogManDmvRepositoryPassword" value="qcWa7DCqnN7vqMZ6b9ilzw==" />

  <add key="SqlLogManPerfmonRepositoryInstanceName" value="AD01047147" />
  <add key="SqlLogManPerfmonRepositoryIP" value="127.0.0.1" />
  <add key="SqlLogManPerfmonRepositoryPort" value="1433" />
  <add key="SqlLogManPerfmonRepositoryDatabase" value="SqlLogManPerfmonRepository" />
  <add key="SqlLogManPerfmonRepositoryIsNtAuthYN" value="N" />
  <add key="SqlLogManPerfmonRepositoryUserName" value="lazyServer" />
  <add key="SqlLogManPerfmonRepositoryPassword" value="qcWa7DCqnN7vqMZ6b9ilzw==" />
  <add key="ClientSettingsProvider.ServiceUri" value="" />
</appSettings>

Metrics	Description
FileLogYN	Whether to leave an error log for the LazyLog application. If Y, a folder named Log is created in the installation folder and a log is created for each item by date. If the collection is normalized, change it to N and restart the program to prevent log files from accumulating on the server.
UsePerfmonYN	The LazyLog application determines whether to collect performance counters. If Y, performance counters are collected; if N, no items are collected even if SqlLogManManager.dbo.CollectItem is set to Y.
UseEventmonYN	The LazyLog application determines whether to collect event logs. If Y, event logs are collected; if N, no items are collected even if SqlLogManManager.dbo.CollectItem is set to Y.
UseSqlmonYN	The LazyLog application determines whether to collect DMV. If Y, DMV are collected; if N, no items are collected even if SqlLogManManager.dbo.CollectItem is set to Y.
UseLocalKey	It must be Y.
PerfmonItemName	DisplayString name of the Performance counter storage database (SqlLogManPerfmonRepository) DisplayToID table. The performance counter repository is configured with that name, and is used as the name to query when drawing figures back from the Windows performance counters. BaselineCollect is used by default.
SqlLogManManagerInstanceName	Collection Settings Repository Instance Name. (Not used in the program.)
SqlLogManManagerIP	Collection Settings Repository IP
SqlLogManManagerPort	Collection Settings Repository SQL Service Port
SqlLogManManagerDatabase	Collection settings database name.
SqlLogManManagerIsNtAuthYN	Enter Y for Windows authentication or N for SQL authentication. (N is recommended.)
SqlLogManManagerUserName	Account name of the Collection Settings database
SqlLogManManagerPassword	Password of the Collection Settings database (If the password to access the actual database is P@ssw0rd3, you must enter the password value qcWa7DCqnN7vqMZ6b9ilzw== created with LazyLog.exe. Many of the encryption related errors are caused by incorrect account password values, or passwords are too long.)

The remaining SqlLogManDmvRepositoryXXXX and SqlLogManPerfmonRepositoryXXXX are the database to store the DMV results, and the database information to store performance counters and event logs.

Add Hosts file

If the monitoring server cannot access the monitored server by name, add it to the windows/ system32/drivers/etc/hosts file and make it accessible by name. Adding a hostname in a workgroup environment is required for performance counter and event log collection.

Enter target server information on the monitor server

This is the process of registering the monitored server. Open L04_TargerServerRegister.sql in the SQLScript sub folder and modify the variable below and execute it in SQLCMD mode.

SQLCMD command

-- Edit variable

:setvar ManagerDatabaseName SqlLogManManager
-- The database name to store the settings
:setvar IdcName NCloud
-- Server location (No impact on program)
:setvar MachineName AD01047147
-- Monitored server host name (If it is remote, register it in hosts to make it accessible.)
:setvar MachinePublicIp 127.0.0.1
-- Monitored IP
:setvar lazyNtUserName lazyNtUser
-- Windows authentication created on the target server to read the performance monitor and event log
:setvar lazyNtUserPasswordEncrypted XckO0Pvn7Lq0GjFVAjehhg==
-- Password for above account (It must be encrypted with lazylog.exe. Create like lazylog.exe "P@ssw0rd2")
:setvar NtDomainNameIfNotAdEnvHostname AD01047147
-- In the AD environment, enter only the domain name without the hostname hostname.adServer.com -> adServer.com, if workgroup, enter the hostname
:setvar FullInstanceName AD01047147
-- Monitored SQL Instance Name (Name 0 of sysservers on that server)
:setvar SqlUsername lazyClient
-- SQL admin account set on monitored SQL instance
:setvar SqlPassword BaQJi8Br/qBUv0lq/F1Z1Q==
-- Password for above account (It must be encrypted with lazylog.exe. Create like lazylog.exe "P@ssw0rd1")
:setvar RoleName test server
-- Server notes (No impact on program)
:setvar SqlServerMajorVersion 2014
-- One of the values of the major versions of SQL Server 2008, 2012, 2014, 2016
:setvar SqlPort 1433
-- Monitored server port

-- End edit variable

Register default monitoring

Open L05_TargetItemRegisterBasic_01.sql file in the SQLScript subfolder, and edit the variable below and execute it in SQLCMD mode.

-- Edit variable

:setvar machineName AD01047147
-- MachineName is the hostname
:setvar FullInstancename AD01047147
-- FullInstanceName is the result of the “select srvname from sysservers where srvid = 0” on that server
:setvar SqlLogManManagerDatabase SqlLogManManager
-- Name of the manager database where all lazylog settings are stored (monitoring repository database)

-- End edit variable

Execute LazyLog.exe

Double click on LazyLog.exe in Windows Explorer. Below is a sample of the Console mode LazyLog.exe running normally.

database-2-2-526_en

View normal status of default monitoring

Performance counter
To check if LazyLog is collecting normally, check the table below about two minutes after it is activated.

SQLCMD command

select * from SqlLogManPerfmonRepository.[dbo].[DisplayToID]
select * from SqlLogManPerfmonRepository.[dbo].[CounterDetails]
select * from SqlLogManPerfmonRepository.[dbo].[CounterData]

If it is output as below, it’s collecting normally.
database-2-2-527_en

Event log
To check if LazyLog is collecting normally, check the table below about two minutes after it is activated.

select * from SqlLogManPerfmonRepository.[dbo].[EventLogApplication]
select * from SqlLogManPerfmonRepository.[dbo].[EventLogSecurity]
select * from SqlLogManPerfmonRepository.[dbo].[EventLogSetup]
select * from SqlLogManPerfmonRepository.[dbo].[EventLogSystem

If it is output as below, it’s collecting normally.

database-2-2-528_en

View DMV

To check that basic monitoring is working properly, check the content of SqlLogManDmvRepository.dbo.sysdatabases_b table. This information must be collected in order to register extended monitoring.

SQLCMD command

select * from SqlLogManDmvRepository.dbo.sysdatabases_b order by probe_time desc

If you see the user database list as shown below, the normal collection is completed.

database-2-2-529_en

Register extended monitoring

View and copy user database information
Extended monitoring can be collected only when the sysdatabase that was checked above among the basic monitoring metrics is normally collected. Open the L06_TargetItemRegisterAdvanced_01.sql file in SQLScript subfolder, and edit the below variable and execute as SQLCMD mode to enter user database information in SqlLogManManager.dbo.MachineSqlDatabase.

SQLCMD command

-- Edit variable
:setvar machineName AD01047147
-- Monitored hostname
:setvar SqlLogManManagerDatabase SqlLogManManager
-- Name of the manager database where all lazylog settings are stored (monitoring repository database)
:setvar SqlLogManDmvRepositoryDatabase SqlLogManDmvRepository
-- Database name where DMV collection information will be stored
-- In the basic item collection, normal registration is possible when the sysdatabases is collected.
-- End edit variable

If it is performed normally, the following output will appear.
database-2-2-5210_en

Create extended monitoring registration script
Open the L06_TargetItemRegisterAdvanced_02.sql file in the SQLScript subfolder, edit the variables below, and run it in SQLCMD mode.

SQLCMD command

-- Edit variable
:setvar machineName AD01047147
-- Monitored hostname
:setvar SqlLogManManagerDatabase SqlLogManManager
-- Name of the manager database where all lazylog settings are stored (monitoring repository database)
-- End edit variable

When it is performed normally, the script to be executed is output.
database-2-2-5211_en

Among the created scripts, execute a set of two scripts called "script to execute" in SSMS.
database-2-2-5212_en

Enable extended monitoring scripts
Open the L06_TargetItemRegisterAdvanced_04.sql file in the SQLScript subfolder, edit the variables below, and run it in SQLCMD mode.

SQLCMD command

-- Edit variable
:setvar machineName AD01047147
-- Monitored hostname
:setvar FullInstanceName AD01047147
--FullInstanceName is the result of the “select srvname from sysservers where srvid = 0” on that server.
:setvar SqlLogManManagerDatabase SqlLogManManager
-- Name of the manager database where all lazylog settings are stored (monitoring repository database)
-- End edit variable

Restart LazyLog.exe

Restart Console LazyLog.exe to collect extended monitoring metrics.
(Shutdown and start Console application)

View normal status of extended monitoring

In case you checked that basic monitoring is normal and you want to check if extended monitoring is normal, all the collection is normal if sp_spaceused_b is collected normally.

SQLCMD command

select * from SqlLogManDmvRepository.dbo.sp_spaceused_b order by probe_time desc

All the collection is normal if the table size per db_name is normally output as below.

database-2-2-5213_en

Install using Windows service

When all the settings are completed in Console mode, unzip the LazyLogService.zip file and simply run Setup.exe and click Next to complete the installation. (If you run LazyLog as a Windows service, you can run only one service, so if you need to run multiple LazyLogs, use it in Console mode.)

database-2-2-530_en

C:\Program Files\Naver Business Platform\SQL Server Log Collector
Copy the appSettings configuration of the Console application that was previously set only and paste it to the appSettings section of LazyLog.exe.config file in the folderEnter net start "SQL Server Log Collector" in the cmd prompt to start the service, or start the SQL Server Log Collector in services.msc.

database-2-2-531_en

database-2-2-610_en

database-2-2-532_en

If run as a service, the collection will automatically start even if the monitoring server restarts.

If all the collections are normal, we recommend setting the [FileLogYN] setting to [N].

Troubleshooting installation issues

MSSQL Log collector (LazyLog) installation troubleshooting guide

Troubleshooting

In troubleshooting, let’s assume that you have set up the same account as the example. Please refer to the log file to solve other problems. Most of the errors were due to incorrect account setting or the TCP port 445 being blocked by the ISP provider, in which performance counter and event log data could not be collected. In this case, you can change the location of the collector program so that it does not use blocked ports.

Machine table

WorkGroup server

If you have a monitoring server with a hostname of AD01047147
Register the [host] as [alias] in [windows/system32/drivers/etc/].
Test if you can access 1433 monitoring SQL Server via Ping and Telnet.
For MachineName, enter "AD01047147," and for NtDomain, enter "AD01047147" as well.
For NtUserName, enter "lazyNtUser."
For NtPassword, enter the encrypted password. (Encrypt your password using lazylog.exe.)
Check if IsEnabledYN is Y.

Active Directory server

If the monitored host has [mhv1.minsouk.com] server
For NtDomain, enter "minsouk.com" only (excluding a hostname).
For MachineName, enter "mhv1[host name only]".(No other content, such as Slash @, should be included.)
For NtUserName, enter "lazyNtUser" or monitoring ID (excluding a domain name).
For NtPassword, enter the password of the above account encrypted with lazylog.exe.
Check if IsEnabledYN is Y.

MachineSqlInstance table

If the SQL Server is the default instance, enter only "MHV1"; if it is installed as a named instance, enter "FullInstanceName." (Enter as shown in MHV1\SQL2016.)
For DMV metrics, if the IsNtAuthYN value in CollectItem is Y, it is accessed by using NtUserName and NtPassword values recorded in the machine. If it is N, it is accessed by using MachinePublicIp and PortDefault.
Check if IsEnabledYN is Y. Please refer to the figure below to edit.

database-2-2-611_en

In the above configuration, MachineId 1 is the WorkGroup server and MachineId 6 is the ActiveDirectory server setting. LazyLog impersonates based on the above information, and reads Windows performance counters, event logs, and DMV.

Internal ConnectionString creation logic

database-2-2-612_en

In a workgroup environment, you should check if port 1433 is working properly via Ping or telnet with hostname to the target server for DMV collection (If it is a customized port, check the corresponding port). To collect performance counters and event logs, Ping or port 445 should be verified to check if they are working properly.

Test access by account

lazyServer
It is set in lazylog.exe.config and the account and permissions must be set in SQL Server to store the collected data.

The repository database must be accessible by the SQL Server account. (Set in lazyLog.config.XML) When testing with SSMS or SQLCMD, check if you can use the password before the lazyServer account is encrypted to log in from the computer where the lazyLog.exe program is running to the SQL Server where the SqlLogManManager database is located. (accurately test IP and Port)
Does lazyServer have sysadmin or dbo permissions?

lazyClient
It is set in MachineSqlInstance, and the account and permissions must be set on the collected SQL Server.

Is the SQL Server account accessible to the monitored server by SSMS or SQLCMD program? (The lazyClient account accesses the target server with the Machine and MachineSqlInstance information in the SqlLogManManager database. When testing in SSMS, you must enter it as a value before encryption.)
Does lazyClient have sysadmin permissions?

lazyNtUser
Set in Machine table, and the account and permissions must be set on the target computer.

Used to read performance counters and event logs. (SQL authentication is not allowed.)
To check if the password is correct, log in as Administrator to the collected server and execute as follows with the Runas command.
runas /user:lazyNtUser cmd.exe
If the cmd window normally starts with lazyNtUser, the password is correct.
Check the permissions of lazyNtUser. The permissions to be set on the target server are as below.

View account metrics

Have you executed the following query based on the L07_FullCollectItemStatus.sql contents, and is IsEnabledYN all set to Y?

database-2-2-617_en

View ports and services for remote collection

WorkGroup server

If it is a workgroup, create a lazyNtUser on the target server with the same account and password as the lazyNtUser on the server that runs lazylog.exe, then log in to Windows with this account.
Run Perfmon in Execute.
In the Add Counter menu, enter the IP to collect from the computer in the counter check box.
Verify if the performance counter collection on the remote computer is working properly.

Active Directory server

Run Perfmon in Execute.
Verify if the performance counter collection on the remote computer is working properly.

Firewall

Test in an environment where there is no firewall in the same IDC, or test in the same network environment and test if it works.
If the RPC port is blocked, it is a good idea to place the collection program inside the firewall and specify an external SQL Server only for the collection results.
Trace network packet analysis programs to both the collected and collecting computers and monitor whether the RPC 445 port is normal.
Trace network packet analysis programs to both the collected and collecting computers and monitor whether the TCP 1443 port is normal.

Required services on monitored servers

Is Remote Registry service enabled?
Is Remote Procedure Call(RPC) service enabled?

SQL Server

Check the sp_readerrorlog for any errors.
Check for queries and errors with profiler or extended events.

Sample

MSSQL Log collector(LazyLog) sample

DMV data sample

The dashboard below is simply a graph using the above LazyLog collection data. Either Excel or a variety of dashboard tools can be used to draw dashboards and graphs.

AG monitoring

The following figure shows an example of configuring SQL Server high availability solution, AlwaysOn monitoring. The stack chart in Figure 1 below represents individual servers for each stack. It represents the capacity accumulated in the queue of the current primary server, the rate of sending from primary to secondary, the capacity accumulated in secondary queue redo, and the rate of secondary redo reflection respectively.

If you look at the central red box, you can monitor the stopped status of one server's log application. In this case, all logs to the secondary server have been monitored as being sent and it appears that only the application is stopped or very slow.
This case was troubleshot by restarting the secondary server. If you have not been monitoring this problem and have continued service, you may have been in a worst-case situation to reconfigure your AG. (The log application on the secondary server is designed with slightly different logic between active status and restarting. You can apply it more quickly if you apply logs by restarting.) In LazyLog, the following information is being monitored in the dm_hadr_database_replica_states_b table in 20 second increments.

database-2-2-710_en

Server resource usage monitoring

The following figure shows an example of a page configured to monitor the same group of servers and monitor CPU, BatchRequests/Sec, Memory status and network transfer rate at once. If there is a server that behaves differently than usual, you can find it immediately. LazyLog records performance counter information in 15 second increments.

database-2-2-711_en

Verify query resource usage

The following figure shows an example of query monitoring for two servers performing the same role. As they are databases that perform the same role, the query should be received similarly and the CPU WorkerTime should be similar. However, in this case you can recognize that only certain queries on one server in a given time period have increased resource usage.

For the central bubble chart, the X axis is the number of executions and the Y axis is WorkerTime. By looking at the query, you can instantly see which queries are consuming the most resources at specific times of the day.
dm_exec_query_stats2_b_summary of LazyLog shows detailed resource usage per query in 1 minute increments.

database-2-2-712_en

Lock monitoring

Below is an example of monitoring a lock. When a lock on the server occurs, you can immediately see which query is causing the lock and which query is pending. sp_lock2_b of LazyLog contains a lock monitoring detail with the query in 10 second increments. If lock monitoring is important in an OLTP environment, adjust the collection interval accordingly (3 seconds recommended).

database-2-2-713_en