detection.wiki

Microsoft-Windows-Kernel-Cache › Event 102

Event ID 102 — Global Periodic Cache Information.

Provider
Microsoft-Windows-Kernel-Cache
Channel
Operational
Level
Informational
Task
CacheGlobalPeriodic

Description

Global Periodic Cache Information.

Message #

Global Periodic Cache Information:

                       Period Duration (microseconds): %1
                       Number of NUMA Nodes: %18
                       Event Samples: %2
                       Total Number of Mapped VACBs: %3
                       Total Partition Samples: %4
                       Total Volume Samples: %5
                       Total Pages Yet to Write: %6
                       Total Dirty Pages: %7
                       Total Available Pages: %8
                       Total Number of Worker Threads: %9
                       Total Number of Active Worker Threads: %10
                       Total Average Available Pages: %11
                       Total Average Dirty Pages: %12
                       CopyRead Calls: %13
                       AsyncCopyRead Calls: %14
                       CopyWriteCalls: %15
                       SetValidData Calls: %16
                       FlushCache Calls: %17

Fields #

NameDescription
PeriodDurationMicroSec UInt64[Global Periodic Cache Information] Period Duration (microseconds).
EventSamples UInt64[Global Periodic Cache Information] Event Samples.
TotalNumberOfMappedVacbs UInt64[Global Periodic Cache Information] Total Number of Mapped VACBs.
TotalPartitionSamples UInt64[Global Periodic Cache Information] Total Partition Samples.
TotalVolumeSamples UInt64[Global Periodic Cache Information] Total Volume Samples.
TotalPagesYetToWrite UInt64[Global Periodic Cache Information] Total Pages Yet to Write.
TotalDirtyPages UInt64[Global Periodic Cache Information] Total Dirty Pages.
TotalAvailablePages UInt64[Global Periodic Cache Information] Total Available Pages.
TotalNumberWorkerThreads UInt64[Global Periodic Cache Information] Total Number of Worker Threads.
TotalNumberActiveWorkerThreads UInt64[Global Periodic Cache Information] Total Number of Active Worker Threads.
TotalAverageAvailablePages UInt64[Global Periodic Cache Information] Total Average Available Pages.
TotalAverageDirtyPages UInt64[Global Periodic Cache Information] Total Average Dirty Pages.
CcCopyReadCalls UInt64[Global Periodic Cache Information] CopyRead Calls.
CcAsyncCopyReadCalls UInt64[Global Periodic Cache Information] AsyncCopyRead Calls.
CcCopyWriteCalls UInt64[Global Periodic Cache Information] CopyWriteCalls.
CcSetValidDataCalls UInt64[Global Periodic Cache Information] SetValidData Calls.
CcFlushCacheCalls UInt64[Global Periodic Cache Information] FlushCache Calls.
NumberOfNUMANodes UInt32[Global Periodic Cache Information] Number of NUMA Nodes.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Kernel-Cache",
    "guid": "A2D34BF1-70AB-5B21-C819-5A0DD42748FD",
    "event_source_name": "",
    "event_id": 102,
    "version": 3,
    "level": 4,
    "task": 102,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T01:55:43.038583+00:00",
    "event_record_id": 98,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 20724
    },
    "channel": "Microsoft-Windows-Kernel-Cache/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "PeriodDurationMicroSec": 3644934575,
    "EventSamples": 29,
    "TotalNumberOfMappedVacbs": 138048,
    "TotalPartitionSamples": 29,
    "TotalVolumeSamples": 116,
    "TotalPagesYetToWrite": 19570,
    "TotalDirtyPages": 54912,
    "TotalAvailablePages": 17380487,
    "TotalNumberWorkerThreads": 464,
    "TotalNumberActiveWorkerThreads": 0,
    "TotalAverageAvailablePages": 134464943,
    "TotalAverageDirtyPages": 72254,
    "CcCopyReadCalls": 3616969,
    "CcAsyncCopyReadCalls": 3935,
    "CcCopyWriteCalls": 475546,
    "CcSetValidDataCalls": 44286,
    "CcFlushCacheCalls": 237825,
    "NumberOfNUMANodes": 1
  },
  "message": ""
}

References #