
Microsoft has released a Linux version of the utility ProcDump

ProcDump for Linux is the reincarnation of the classic ProcDump tool from the suite of tools and utilities for managing, diagnosing, troubleshooting, and monitoring the Microsoft Windows environment.



Specifically, this tool from Mark Russinovich lets you specify how much CPU the process must consume and how much time must pass before ProcDump creates a dump of the process. That is, the dump is written automatically when the process once again pushes its CPU load above a certain threshold.

For example, under Windows, we want to study the anomalous behavior of wmiprvse.exe (the WMI Provider Host process), which at arbitrary points in time takes up to 90% of CPU resources. Then we run the following command, which will write a dump of this process three times when it consumes more than 80% of the CPU for three seconds.
procdump.exe -c 80 -s 3 -n 3 wmiprvse

Very convenient indeed.



The Linux version works in much the same way as under Windows, except that the program has fewer options:

  Usage: procdump [OPTIONS ...] TARGET
    OPTIONS
       -C CPU threshold from 0 to 100 * nCPU
       -c CPU threshold from 0 to 100 * nCPU
       -M Memory commit threshold in MB at
       -m Trigger when memory commit drops below specified MB value.
       -n Number of dumps to write before exiting
       -s Consecutive seconds before dump is written (default is 10)
    TARGET must be exactly one of these:
       -p pid of the process
       -w Name of the process executable 

At the moment, only kernel version 3.5 or higher is supported.
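The trigger rule described above (CPU above a threshold for -s consecutive seconds, up to -n dumps), as an added Python example that is not ProcDump's own code. The function names are hypothetical, the readings are constructed, and restarting the count after each dump is an assumption.

```python
import os
import time

def parse_ticks(stat_line):
    """utime + stime (clock ticks) from one /proc/<pid>/stat line."""
    # The comm field may contain spaces or ')', so split after the last ')'.
    fields = stat_line.rsplit(")", 1)[1].split()
    return int(fields[11]) + int(fields[12])  # stat fields 14 and 15

def cpu_percent(ticks_before, ticks_after, interval_s, hz):
    """CPU use over the interval; ranges from 0 to 100 * nCPU, as in the usage text."""
    return 100.0 * (ticks_after - ticks_before) / (hz * interval_s)

def live_samples(pid, interval_s=1.0):
    """Yield the CPU percentage of pid once per interval until it exits."""
    hz = os.sysconf("SC_CLK_TCK")
    try:
        with open(f"/proc/{pid}/stat") as f:
            prev = parse_ticks(f.read())
        while True:
            time.sleep(interval_s)
            with open(f"/proc/{pid}/stat") as f:
                now = parse_ticks(f.read())
            yield cpu_percent(prev, now, interval_s, hz)
            prev = now
    except (FileNotFoundError, ProcessLookupError):
        return  # target process exited

def trigger_points(samples, threshold, seconds, max_dumps):
    """Indexes of the samples at which a dump would be written."""
    fired, streak = [], 0
    for i, pct in enumerate(samples):
        # A reading at or below the threshold breaks the run of seconds.
        streak = streak + 1 if pct > threshold else 0
        if streak >= seconds:
            fired.append(i)
            streak = 0  # assumption: the count restarts after each dump
            if len(fired) == max_dumps:
                break
    return fired

if __name__ == "__main__":
    # Constructed one-second CPU readings for a process that spikes three times.
    constructed = [10, 85, 90, 95, 88, 91, 40, 99, 97, 96, 93, 92, 94, 99]
    # Same parameters as the article's command: -c 80 -s 3 -n 3
    print(trigger_points(constructed, threshold=80, seconds=3, max_dumps=3))
    # For a live process: trigger_points(live_samples(pid), 80, 3, 3)
```

The short dip to 40% at index 6 resets the count, which is why the second dump lands later than a simple "three readings above 80" tally would suggest.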

Source: https://habr.com/ru/post/428782/

