Synopsis
This knowledge base article details the meaning of each of the Exclaimer Performance counters that are available in the Statistics pane of the control panel applet and are published through the Windows performance counters API.
Using the Counters
The Exclaimer counters can be used either from the Exclaimer UI or using WMI or the Windows Performance monitor tool.
Performance Counters & their meaning
Exclaimer Emails Processed
| Counter | Description |
| Incoming | Number of messages classified as incoming that have been received by Exclaimer. This does not include any messages that may have been dropped or aborted because of anti-spam classifications. |
| Internal | Number of messages classified as internal. |
| Outgoing | Number of messages classified as outgoing. |
| Total | Total number of messages received by Exclaimer. This number may be larger than the sum of the previous three counters because certain types of messages are excluded from any further analysis. These are:
- Administrative messages that were from the Exclaimer system
- Read-reciept (or other messages) messages from mail monitor accounts
- Message that are both internal & outgoing
Also, if all the Exclaimer features are disabled then this counter will still increment but none of the classified counters will.
|
Exclaimer Features
| Counter | Description |
| Up time | Time in weeks, days, hours, minutes and seconds that the Exclaimer system has been running. Each time the server is rebooted or the IIS admin service is restarted, this counter will reset. |
| Disclaimers - Incoming | Number of messages that were classified as incoming that had a successful disclaimer added. |
| Disclaimers - Internal | Number of messages that were classified as internal that had a successful disclaimer added. |
| Disclaimers - Outgoing | Number of messages that were classified as outgoing that had a successful disclaimer added. |
| Disclaimers - Total | Total number of disclaimers that were added to messages. |
| Monitored incoming messages | Number of messages that were classified as incoming that were monitored |
| Monitored internal messages | Number of messages that were classified as internal that were monitored |
| Monitored outgoing messages | Number of messages that were classified as outgoing that were monitored |
| Monitored messages | Total number of messages that were monitored |
| Delivery Options | Total number of messages that had delivery options applied to them |
| Autoresponse | Total number of messages that had an auto-response sent to the sender. |
| Anti-spam: Not Spam | Total number of messages that were classified as incoming that were set to deliver directly without any further anti-spam tests. |
| Anti-spam: Marked | Total number of messages that were classified as incoming that were marked in some way by the anti-spam tests. |
| Anti-spam: Dropped | Total number of messages that were classified as incoming that were dropped during the SMTP protocol or were aborted during transport because they were classified as spam and the anti-spam settings were set to "Reject" |
| Anti-spam: Staged | Total number of messages that were classified as incoming and the detection center was unsure if the message was spam or not and requested a (typically) 10 minute delay before re-test |
| Anti-spam: Detection center messages | Total number of messages that were classified as incoming that were submitted to the detection center for analysis. Note: This counter also includes staged messages that were resubmitted for second line analysis. |
Exclaimer Errors & Warnings
| Counter | Description |
| Feature Failed - Incoming disclaimer | Total number of messages that should have had an incoming disclaimer added but failed to do so. |
| Feature Failed - Internal disclaimer | Total number of messages that should have had an internal disclaimer added but failed to do so. |
| Feature Failed - Outgoing disclaimer | Total number of messages that should have had an outgoing disclaimer added but failed to do so. |
| Feature Failed - Monitor message | Total number of messages that should have been monitored but failed to to do so. |
| Fault Tolerance Triggered | Total number of failures that triggered the error handling/fault tolerance action in Exclaimer |
| Detection Center Faults | Total number of faults reported by the anti-spam detection center. |
Exclaimer Spam Engine Counters
| Counter | Description |
| Trusted IP | Total number of messages that were classified as having a trust IP address. |
| Blocked IP | Total number of messages that were classified as having a blocked IP address. |
| Spoofed IP | Total number of messages that were classified as having a spoofed IP address. |
| Spoofed Domain | Total number of messages that were classified as having a spoofed domain in the HELO command. |
| Local Whitelist | Total number of messages that were classified in the local whitelist. |
| Local Blacklist | Total number of messages that were classified in the local blacklist. |
| SPF PASS | Total number of messages that were classified as passing the SPF checks. |
| SPF FAIL | Total number of messages that were classified as failing the SPF checks. |
| SPF SOFTFAIL | Total number of messages that were classified as softfailing the SPF checks. |
| DNS WL | Total number of messages that were classified using a DNS whitelist. |
| DNS BL | Total number of messages that were classified using a DNS blacklist. |
| DNS RHS WL | Total number of messages that were classified using a DNS domain whitelist. |
| DNS RHS BL | Total number of messages that were classified using a DNS domain blacklist. |
| Detection Center Bulk | Total number of messages that were classified as BULK by the detection center. |
| Detection Center Spam | Total number of messages that were classified as SPAM by the detection center. |
Exclaimer Timings
The counters in the timings and throughput sections have extra data computed by the Exclaimer UI which is not available in the Perfmon counters as this information can be computed using the perfmon tool. Exclaimer monitors the min, max, total and average values for the following counters.
The timing counters all show elapsed time, not processor time. This means that the timer was started when Exclaimer started the operation in question and was stopped when the operation completed. In a multi-tasking, distributed system these numbers can be substantially altered by the environment; how many processes/threads running on the local system, network performance, connectivity issues, catalogue/domain controller performance.
| Counter | Description |
| Open Directory (ms) | Elapsed timein milliseconds taken to open a catalog server or domain controller for a query for categorization or rule processing. This counter is unused in versions of Exclaimer prior to 4.10. |
| Categorize (ms) | Elapsed time in milliseconds taken to categorize the sender & recipients of a message to determine if they are incoming, internal or outgoing and to collect any other data fromcatalog servers for them. |
| Rule Lookup (ms) | Elapsed time in milliseconds taken to find custom rules. |
| Add Disclaimer (ms) | Elapsed time in milliseconds taken to add disclaimers. |
| Monitor (ms) | Elapsed time in milliseconds taken to monitor messages. |
| Save (ms) | Elapsed time in milliseconds taken to save the message to the backing store (Exchange or Filesystem) after a modification such as adding a disclaimer has occurred. |
| Spam Check (ms) | Elapsed time in milliseconds taken to check incoming messages for spam. |
| DNS Lookup (ms) | Elapsed time in milliseconds taken waiting for DNS servers to reply for anti-spam operations. |
| Detection center lookup (ms) | Elapsed time in milliseconds taken for the round trip to the detection center for anti-spam classification. |
| Total (ms) | Elapsed time in milliseconds that Exclamer was processing messages. |
Exclaimer Throughput
| Counter | Description |
| Message Submission - In / sec | Total number of messages per second being received by Exclaimer at the message submission stage. |
| Message Submission - Out / sec | Total number of messages per second leaving Exclaimer at the message submission stage. If the total numberIn/sec is greater than the total number Out/sec then this may indicate a message flow problem. Investigation of any errors being generated is recommended. |
| Post Categorize - In / sec | Total number of messages per second being received by Exclaimer at the post categorization stage. |
| Post Categorize - Out / sec | Total number of messages per second leaving Exclaimer at thepost categorizestage. If the total numberIn/sec is greater than the total number Out/sec then this may indicate a message flow problem. Investigation of any errors being generated is recommended. |
| Size (MB) | Total size of messages being send through Exclaimer. This number includes attachments. |
Exclaimer DLL
| Counter | Description |
| Sinks loaded | Number of sinks loaded at the current moment in time. A sink is a unit of code that is used by Windows 2000 SMTP service or Microsoft Exchange to provide 3rd party functionality in the mail transport flow. The number of sinks is typically between 6-10. If this is substantially more than this, there may be a problem on your mail server. |
| Processes | Each process that loads the Exclaimer DLL is counted here. This number should never show zero as any tool that can read this number should implicitly load the DLL. This counter may be useful during uninstall when it is necessary to ensure that there are no processes holding the DLL open. See KB article for more details. |
| Threads | The total number of threads that Exclaimer has started for processing. This includes all active and all waiting threads |
| Active threads | The total number of active threads that are currently processing messages in the Exclaimer environment. This number will normally reflect how busy the server is at any particular time. |
| Queued Log Lines | Number of lines that are queued for lazy write to the log file. If this is a large number, this may indicate a problem (perhaps low disk space) in the log file directory. |
| Staged Message | Number ofmessages that are currently waiting to be resubmitted to the detection center for rechecking in the anti-spam module. |
