#
# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# Host-level settings for the Windows variant of this configuration.
# Executable suffix; presumably appended to the *.app names in this file --
# confirm against the code that loads it.
config.execSuffix=.exe
# Command used to list the children of a process: bash runs a wmic query
# filtered on ParentProcessId, and "tail -n+2" drops the header row.
# %p is the substitution token (declared by .pattern), presumably replaced
# with the parent PID -- confirm.
# NOTE(review): the app names in this file are unqualified, so they are
# presumably resolved through PATH; that PATH should not contain directories
# writable by other users on the test host.
config.getChildren.app=bash
config.getChildren.pattern=%p
# The argument string is split on the delimiter declared on the next key, so
# bash receives "-c" and the whole pipeline as two separate arguments.
# NOTE(review): if this file is loaded with java.util.Properties, "\0" is not
# a recognised escape; the backslash is dropped and the delimiter becomes the
# character "0", not NUL. Confirm, and keep a literal 0 out of the arguments.
config.getChildren.args=-c\0wmic process where ParentProcessId=%p get ProcessId | tail -n+2
config.getChildren.args.delimiter=\0
################################################################################
# process info to gather
################################################################################
# Whitespace-separated list of per-process actions; going by the key name they
# run when a test times out. Each entry matches a native.<name> group defined
# below in this file.
# The list includes native.core, whose arguments ask cdb for a full dump
# (".dump /f"). The collected output therefore holds process memory and should
# be stored and shared like any other sensitive artifact.
onTimeout=\
native.info \
native.pmap.normal native.pmap.everything \
native.files native.locks \
native.stack native.core
################################################################################
# Settings at the native.* level, presumably inherited by every action below:
# %p is the substitution token and also the default argument list. The token
# is presumably replaced with the PID of the inspected process -- confirm.
# javaOnly=false suggests the actions are not restricted to Java processes.
native.pattern=%p
native.javaOnly=false
native.args=%p
# Full WMI record of the process. "list full" typically includes the command
# line, so secrets passed as program arguments end up in the report.
native.info.app=wmic
native.info.args=process where processId=%p list full
# Memory map of the process, in default and extended (-x) form. pmap is a
# Unix tool; presumably supplied by the same environment that provides bash.
native.pmap.app=pmap
native.pmap.normal.args=%p
native.pmap.everything.args=-x %p
# Open handles of the process (-p selects the process).
# NOTE(review): if this is Sysinternals Handle, its first run on a machine
# asks for EULA acceptance unless -accepteula is passed; verify that it does
# not block on an unattended host.
native.files.app=handle
native.files.args=-p %p
# TODO
# (original marker, kept) lslocks is a Linux utility, so this entry presumably
# has no working Windows equivalent yet -- confirm.
native.locks.app=lslocks
native.locks.args=-u --pid %p
# Attach cdb to the process (-p) and run the -c command string: "~*kP n"
# prints the stack of every thread with parameters and frame numbers, "qd"
# quits and detaches. Attaching a debugger normally requires the same user
# account or debug privilege.
# repeat=6 presumably makes the handler take six samples -- confirm.
native.stack.app=cdb
native.stack.args=-c "~*kP n;qd" -p %p
native.stack.params.repeat=6
# Write a full user-mode dump of the process to core.<pid> (a relative path,
# so it lands in the debugger's working directory), then detach.
# The dump contains the complete process memory, which can include keys,
# passwords and tokens. Restrict access to it and budget disk space.
# timeout is presumably in milliseconds (3600000 = one hour) -- confirm.
native.core.app=cdb
native.core.args=-c ".dump /f core.%p;qd" -p %p
native.core.params.timeout=3600000
################################################################################
# environment info to gather
################################################################################
# Whitespace-separated list of host-wide collectors; each name matches a key
# group defined below in this file (for example disk -> disk.app, disk.args).
# Several of them capture data beyond the failing test: the full environment
# (env), logged-on users, one day of System and Application event logs, open
# files and network sockets. Treat the resulting report as sensitive, above
# all when it is uploaded from a shared or CI host.
environment=\
users.current users.logged \
disk \
env \
system.events.system system.events.application system.os \
process.top process.ps process.tasklist \
memory.free memory.vmstat.default memory.vmstat.statistics \
memory.vmstat.slabinfo memory.vmstat.disk \
files \
net.sockets net.statistics
################################################################################
# Identity of the account running the collector. id is a Unix tool, presumably
# supplied by the same environment that provides bash.
users.current.app=id
users.current.args=-a
# Sessions currently logged on to the host.
users.logged.app=query
users.logged.args=user
# Disk usage in human-readable units.
disk.app=df
disk.args=-h
# Dumps every environment variable visible to the collector. CI credentials
# and tokens are commonly passed this way, so this output needs the same
# protection as the secrets themselves.
env.app=env
# Event log entries from the last day, via Windows PowerShell Get-EventLog.
# The logs cover the whole host, not only the failing test.
# NOTE(review): this key is named ".delimiter", while the two other delimiter
# keys in this file are named ".args.delimiter". Confirm the loader reads this
# spelling; otherwise the arguments are presumably split on the default
# delimiter.
# NOTE(review): if this file is loaded with java.util.Properties, "\0" is
# read as the character "0", not NUL -- confirm.
system.events.app=powershell
system.events.delimiter=\0
system.events.system.args=-NoLogo\0-Command\0Get-EventLog System -After (Get-Date).AddDays(-1) | Format-List
system.events.application.args=-NoLogo\0-Command\0Get-EventLog Application -After (Get-Date).AddDays(-1) | Format-List
# Operating system properties in key=value list form.
# NOTE(review): wmic is deprecated on recent Windows releases and may not be
# installed; verify that it exists on the target hosts.
system.os.app=wmic
system.os.args=os get /format:list
# Process listings from three tools: top in batch mode for one iteration,
# ps (-W is the Cygwin option that also lists Windows processes) and the
# verbose form of tasklist.
process.top.app=top
process.top.args=-b -n 1
process.ps.app=ps
process.ps.args=-efW
process.tasklist.app=tasklist
process.tasklist.args=/V
# Memory statistics. memory.vmstat.default, named in the environment list, has
# no args key here, so it presumably runs vmstat without arguments.
memory.free.app=free
memory.vmstat.app=vmstat
memory.vmstat.statistics.args=-s
memory.vmstat.slabinfo.args=-m
memory.vmstat.disk.args=-d
# Files opened on the system.
# NOTE(review): openfiles normally needs an elevated account; confirm that it
# returns data under the test user.
files.app=openfiles
files.args=/query
# TCP connections with owning PIDs. -b adds the owning executable and needs
# elevation, so the "||" fallback reruns netstat without it when that fails.
# The arguments are split on the delimiter declared below, so bash receives
# "-c" and the whole command line as two arguments.
net.sockets.app=bash
net.sockets.args=-c\0netstat -b -a -t -o || netstat -a -t -o
net.sockets.args.delimiter=\0
# Per-protocol and Ethernet counters.
net.statistics.app=netstat
net.statistics.args=-s -e
################################################################################