This article illustrates a common technique to gather perfmon counter logs from a modern Microsoft Windows Server. We use all native operating system binaries and do it remotely from PowerShell.

We use perfmon.exe and logman.exe via WinRM (a.k.a. PowerShell Remoting) to create a perfmon counter log. We can then start, stop or delete the counter log on the remote Windows server. All actions are performed from your client device (i.e. dektop/laptop). There is no need to log directly into the remote server.

Step 1. Launch PowerShell (UAC)
Right-click PowerShell and Run As administrator.

Step 2. Create Session to Remote Server
We assume you are running PowerShell as a user that has the ability to access to the remote system.

$session = New-PSSession -ComputerName <IP Address or DNS Name>

If needed, use the Credential parameter of New-PSSession

Step 3. Create perfmon Counter Log

Invoke-Command -Session $session -ScriptBlock { Logman.exe create counter Perf-Counter-Log -o "c:\perflogs\Perftest.blg" -f bincirc -v mmddhhmm -max 350 -c "\LogicalDisk(*)\*" "\Memory\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Redirector\*" "\Server\*" "\System\*" -si 00:00:30 }

Step 4. Start the perfmon Counter Log

Invoke-Command -Session $session -ScriptBlock {logman.exe start perf-counter-log}

Step 5. Stop the perfmon Counter Log

Invoke-Command -Session $session -ScriptBlock {logman.exe stop perf-counter-log}

Optionally, delete the perf-counter-log with logman.exe delete perf-counter-log or keep it to capture counter logs in the future.

Step 6. Disconnect Remoting (WinRM) Session
To end the session completely, we can close PowerShell or:

Disconnect-PSSession -Session $session

Output Location

Each time you start and stop a perfmon counter log, a new .blg file is created in c:\perflogs (default location).

Optionally, use Copy-Item <source> <destination> to copy one or more items to your local machine or some other path.


In this article we showed how to collect Windows Server performance traces using the native Windows tool perfmon. We showed how to do this using Microsoft PowerShell. All tools are default and included with the operating system.


This technique is based on a Microsoft PFE case from some years ago. Formerly, it was command prompt only. Here, we updated the approach to support PowerShell and Remoting.