By Josh Kee
Microsoft Windows
- Download the ProcDump tool for Windows and save it to the root of the C: drive on the system in question.
- Run the commands from the command prompt.
The following syntax can be used while running the tool depending on what data is required in the process dump file:
procdump [-64] [-c CPU usage [-u] [-s seconds] [-n exceeds]] [-h] [-e] [-ma] [-r] [-o] [<process name or PID> [dump file]] | [-x <dump folder> <image file> [arguments]]
Common Switches:
- -ma — Creates a dump of all process memory. This switch should always be used for support cases in order to ensure as much information as possible is collected.
- -e — Creates a dump when the target process encounters an unhandled exception. This is useful for most crashes.
- -t — Generates a dump when the process ends, even if no errors were encountered.
- -w — Instructs ProcDump to wait for a process with the specified name to launch. This is used when you want to start ProcDump before the process.
- -i — Install ProcDump as the post mortem debugger for Windows Processes. This will allow ProcDump to automatically be invoked on application errors.
- -u — When run with no other arguments, will uninstall ProcDump as the post mortem debugger.
- -c — Specify a CPU threshold at which to generate a dump. This is typically used when troubleshooting high CPU usage issues.
- -m — Specify a memory usage threshold (in MB) at which to generate a dump. This is typically used when troubleshooting high memory usage issues or memory leaks.
- -s — Write a dump after specified number of seconds. This is useful in conjunction with -c and -m.
- -n — Write n number of dumps.
- -x <dump folder> <image file> [arguments] — Have ProcDump launch the executable, with any arguments given, and write the dump file to the specified folder.
- -64 — Forces the creation of 64-bit dump. This switch should generally not be used on 32-bit processes.
Linux
- Download and install the ProcDump tool for Linux, per the instructions on GitHub, to the system in question.
- Run the commands from the command prompt with sudo.
The following syntax can be used while running the tool depending on what data is required in the process dump file:
sudo procdump [OPTIONS...] TARGET
Common Switches:
- -C — CPU threshold at which to create a dump of the process from 0 to 100 * nCPU.
- -c — CPU threshold below which to create a dump of the process from 0 to 100 * nCPU.
- -M — Memory commit threshold in MB at which to create a dump.
- -m — Trigger when memory commit drops below specified MB value.
- -n — Number of dumps to write before exiting.
- -s — Consecutive seconds before dump is written (default is 10).
TARGET must be specified as -p pid, where pid is the process ID of the process in question.
Command Line Examples:
- Immediately generate a full memory process dump for CcSvcHst.exe: procdump -ma CcSvcHst.exe
- Generate a full memory process dump for the process with PID 4512 when it exits: procdump -ma -t 4512
- Attach to a process with the name httpd.exe when it launches. Then generate a full dump, if it encounters an unhandled exception: procdump -ma -e -w httpd.exe
- Have ProcDump run BadApp.exe and write a full dump to C:\Dumps if it encounters an unhandled exception: procdump -ma -e -x C:\Dumps "C:\Program Files\BadApp\BadApp.exe"
- Install ProcDump as the postmortem debugger, and instruct it to write full dumps to C:\Dumps: procdump -ma -i C:\Dumps
- Create up to 3 full dumps of the process with PID 3213, if that process consumes 75% or more total CPU for 10 seconds: procdump -ma -c 75 -s 10 -n 3 3213
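The examples above use the Windows syntax. For Linux, where TARGET has to be given as -p pid, the following shell example (added here, not part of the original article; build_procdump_cmd, is_uint and max_cpu_threshold are hypothetical helper names) checks the switches from the Linux list and prints the resulting command line instead of running it.

```shell
#!/bin/sh
# Added example, not from the original article. build_procdump_cmd, is_uint and
# max_cpu_threshold are hypothetical helper names; the switches are the ones
# in the Linux list above. The command is printed, not executed.

# Upper bound for -C / -c: the article gives the range as 0 to 100 * nCPU.
max_cpu_threshold() {
    ncpu=$(getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1)
    echo $((100 * ncpu))
}

# True when $1 is a non-empty string of digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: build_procdump_cmd PID [SWITCH VALUE]...
build_procdump_cmd() {
    [ $# -ge 1 ] || { echo "usage: build_procdump_cmd PID [SWITCH VALUE]..." >&2; return 2; }
    pid=$1; shift
    # Linux ProcDump takes the target as -p pid, so reject process names here.
    is_uint "$pid" || { echo "TARGET must be a numeric PID, got: $pid" >&2; return 2; }
    opts=""
    while [ $# -ge 2 ]; do
        is_uint "$2" || { echo "$1 needs a non-negative integer, got: $2" >&2; return 2; }
        case "$1" in
            -C|-c)
                [ "$2" -le "$(max_cpu_threshold)" ] || {
                    echo "$1 $2 is above 100 * nCPU" >&2; return 2; } ;;
            -M|-m|-s|-n) ;;
            *) echo "switch not in the list above: $1" >&2; return 2 ;;
        esac
        opts="$opts $1 $2"
        shift 2
    done
    [ $# -eq 0 ] || { echo "switch $1 is missing its value" >&2; return 2; }
    echo "sudo procdump${opts} -p $pid"
}

# Linux counterpart of the last Windows example (PID 3213 is the article's sample value).
build_procdump_cmd 3213 -C 75 -s 10 -n 3
# prints: sudo procdump -C 75 -s 10 -n 3 -p 3213
```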
References:
http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
https://github.com/Microsoft/ProcDump-for-Linux