| # |
| # Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. |
| # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| # |
| # This code is free software; you can redistribute it and/or modify it |
| # under the terms of the GNU General Public License version 2 only, as |
| # published by the Free Software Foundation. |
| # |
| # This code is distributed in the hope that it will be useful, but WITHOUT |
| # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| # version 2 for more details (a copy is included in the LICENSE file that |
| # accompanied this code). |
| # |
| # You should have received a copy of the GNU General Public License version |
| # 2 along with this work; if not, write to the Free Software Foundation, |
| # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| # |
| # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| # or visit www.oracle.com if you need additional information or have any |
| # questions. |
| # |
| |
| # Launcher settings for the Windows profile. |
| # NOTE(review): execSuffix is presumably appended to the tool names below; the |
| # tools are given without a directory, so which binary runs depends on the PATH |
| # of the harness process. Confirm PATH is controlled on shared test hosts. |
| config.execSuffix=.exe |
| # Command used to list the children of a process. %p appears to be the |
| # placeholder named by config.getChildren.pattern (presumably the parent PID). |
| config.getChildren.app=bash |
| config.getChildren.pattern=%p |
| # The args value is split on \0 (see args.delimiter below), so the whole |
| # "wmic ... | tail" pipeline reaches bash as a single -c argument. |
| config.getChildren.args=-c\0wmic process where ParentProcessId=%p get ProcessId | tail -n+2 |
| config.getChildren.args.delimiter=\0 |
| ################################################################################ |
| # process info to gather |
| # onTimeout lists the native.* actions by name; each name matches a group of |
| # <name>.app / <name>.args keys defined further down in this section. |
| ################################################################################ |
| onTimeout=\ |
| native.info \ |
| native.pmap.normal native.pmap.everything \ |
| native.files native.locks \ |
| native.stack native.core |
| ################################################################################ |
| # Defaults shared by the native.* actions: %p is the placeholder, and the |
| # default argument list is the placeholder alone. |
| native.pattern=%p |
| native.javaOnly=false |
| native.args=%p |
| |
| native.info.app=wmic |
| native.info.args=process where processId=%p list full |
| |
| native.pmap.app=pmap |
| native.pmap.normal.args=%p |
| native.pmap.everything.args=-x %p |
| |
| native.files.app=handle |
| native.files.args=-p %p |
| # TODO |
| native.locks.app=lslocks |
| native.locks.args=-u --pid %p |
| |
| # cdb attaches to the process (-p), prints the stack of every thread (~*kP n), |
| # then quits and detaches (qd) so the target keeps running. |
| native.stack.app=cdb |
| native.stack.args=-c "~*kP n;qd" -p %p |
| native.stack.params.repeat=6 |
| |
| # .dump /f writes a full user-mode dump to core.<placeholder> in the working |
| # directory. A full dump holds the process memory, which can include keys, |
| # tokens and other secrets: restrict access to the output directory and do not |
| # publish the dump with ordinary test logs. |
| # NOTE(review): timeout is presumably in milliseconds (3600000 = 1 hour) - confirm. |
| native.core.app=cdb |
| native.core.args=-c ".dump /f core.%p;qd" -p %p |
| native.core.params.timeout=3600000 |
| ################################################################################ |
| # environment info to gather |
| # environment lists the host-level actions by name; each name matches a group |
| # of <name>.app / <name>.args keys defined further down in this section. |
| ################################################################################ |
| environment=\ |
| users.current users.logged \ |
| disk \ |
| env \ |
| system.events.system system.events.application system.os \ |
| process.top process.ps process.tasklist \ |
| memory.free memory.vmstat.default memory.vmstat.statistics \ |
| memory.vmstat.slabinfo memory.vmstat.disk \ |
| files \ |
| net.sockets net.statistics |
| ################################################################################ |
| users.current.app=id |
| users.current.args=-a |
| users.logged.app=query |
| users.logged.args=user |
| |
| disk.app=df |
| disk.args=-h |
| |
| # env prints every environment variable of the harness process. CI hosts often |
| # carry credentials and tokens in the environment, so treat this output as |
| # sensitive and scrub or access-restrict it before archiving. |
| env.app=env |
| |
| # Collects the last day of the System and Application event logs. |
| # NOTE(review): the other \0-delimited entries in this file name the key |
| # <name>.args.delimiter, while this one is <name>.delimiter. Confirm which key |
| # the reader looks up; if it is ignored, the args below are split differently. |
| system.events.app=powershell |
| system.events.delimiter=\0 |
| system.events.system.args=-NoLogo\0-Command\0Get-EventLog System -After (Get-Date).AddDays(-1) | Format-List |
| system.events.application.args=-NoLogo\0-Command\0Get-EventLog Application -After (Get-Date).AddDays(-1) | Format-List |
| |
| system.os.app=wmic |
| system.os.args=os get /format:list |
| |
| process.top.app=top |
| process.top.args=-b -n 1 |
| process.ps.app=ps |
| process.ps.args=-efW |
| process.tasklist.app=tasklist |
| process.tasklist.args=/V |
| |
| memory.free.app=free |
| memory.vmstat.app=vmstat |
| memory.vmstat.statistics.args=-s |
| memory.vmstat.slabinfo.args=-m |
| memory.vmstat.disk.args=-d |
| |
| files.app=openfiles |
| files.args=/query |
| |
| # netstat -b (owning executable per connection) needs an elevated prompt; the |
| # || fallback reruns without -b when the first call fails. The args value is |
| # split on \0 so the whole command line reaches bash as one -c argument. |
| net.sockets.app=bash |
| net.sockets.args=-c\0netstat -b -a -t -o || netstat -a -t -o |
| net.sockets.args.delimiter=\0 |
| net.statistics.app=netstat |
| net.statistics.args=-s -e |
| ################################################################################ |