Microsoft has released a Linux version of the utility ProcDump

ProcDump for Linux is the reincarnation of the classic ProcDump tool from the suite of technical tools and utilities for managing, diagnosing, troubleshooting, and monitoring the Microsoft Windows environment.



Specifically, this tool from Mark Rusinovich shows how much CPU resources the process should take and how much time must pass before ProcDump creates a dump of the process. That is, the dump is recorded automatically when the process once again increases the load on the CPU above a certain threshold.

For example, under Windows, we want to study the anomalous behavior of wmiprvse.exe (WMI Provider Host process), which at arbitrary points in time takes up to 90% of CPU resources. Then we run the following command, which will write a dump of this process three times in case the CPU consumes more than 80% within three seconds.

procdump.exe -c 80 -s 3 -n 3 wmiprvse

Indeed, very comfortable.



The Linux version works about the same as under Windows, except that the options in the program are smaller:

Usage: procdump [OPTIONS ...] TARGET
   OPTIONS
      -C CPU threshold from 0 to 100 * nCPU
      -c CPU threshold from 0 to 100 * nCPU
      -M Memory commit threshold in MB at
      -m Trigger when memory commit drops below specified MB value.
      -n Number of dumps to write before exiting
      -s Consecutive seconds before dump is written (default is 10)
   TARGET must be exactly one of these:
      -p pid of the process
      -w Name of the process executable

At the moment, only work on the kernel 3.5 or higher version is supported.