#
# Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#

# Windows profile of a diagnostics-gathering configuration: each logical name
# below is bound to an external tool (`<name>.app`) and its arguments
# (`<name>.args`). `%p` is the placeholder named by the `*.pattern` keys;
# judging by its use in `ParentProcessId=%p` and `-p %p` it stands for a
# process id.
# NOTE(review): every tool is named without a directory, so which binary runs
# presumably depends on the search path of the host - confirm that path is
# controlled on shared or CI machines.

# Suffix for executables on this platform.
config.execSuffix=.exe
# Child-process enumeration: wmic lists the processes whose parent is %p and
# `tail -n+2` drops the header row. The argument string is split on the
# delimiter declared in `config.getChildren.args.delimiter`, so the whole
# pipeline reaches bash as the single argument of `-c`.
config.getChildren.app=bash
config.getChildren.pattern=%p
config.getChildren.args=-c\0wmic process where ParentProcessId=%p get ProcessId | tail -n+2
config.getChildren.args.delimiter=\0
################################################################################
# process info to gather
################################################################################
# Names of the per-process actions, in the order listed (each is defined in
# the block that follows).
onTimeout=\
  native.info \
  native.pmap.normal native.pmap.everything \
  native.files native.locks \
  native.stack native.core
################################################################################
# Defaults shared by the native.* actions; javaOnly=false presumably means the
# actions also apply to non-Java processes - confirm against the loader.
native.pattern=%p
native.javaOnly=false
native.args=%p

# Full wmic record for the process. This typically includes its command line,
# which can carry secrets passed as arguments.
native.info.app=wmic
native.info.args=process where processId=%p list full

# NOTE(review): pmap is a Unix tool; presumably supplied by the Cygwin/MSYS
# layer or absent on this platform - confirm.
native.pmap.app=pmap
native.pmap.normal.args=%p
native.pmap.everything.args=-x %p

# Open handles of the process (`handle -p`).
native.files.app=handle
native.files.args=-p %p
# TODO
# NOTE(review): lslocks comes from util-linux; it is unclear from this file
# whether it exists on Windows hosts - confirm or resolve the TODO above.
native.locks.app=lslocks
native.locks.args=-u --pid %p

# cdb attaches to the process (-p), prints the stack of every thread with
# parameters and frame numbers (`~*kP n`), then quits and detaches (`qd`) so
# the target keeps running. params.repeat presumably repeats the capture six
# times - confirm.
native.stack.app=cdb
native.stack.args=-c "~*kP n;qd" -p %p
native.stack.params.repeat=6

# cdb writes a full user-mode dump (`.dump /f`) to core.<pid>, then detaches.
# A full dump holds the complete memory of the process - keys, tokens and
# user data included - so the resulting file should be stored, shared and
# retained as sensitive material.
# The timeout value is presumably in milliseconds (one hour) - confirm.
native.core.app=cdb
native.core.args=-c ".dump /f core.%p;qd" -p %p
native.core.params.timeout=3600000
################################################################################
# environment info to gather
################################################################################
# Names of the host-wide actions, in the order listed. Several of them (env,
# event logs, process lists with command lines, sockets, screenshot) record
# data about the whole machine, not only the failing test; whoever can read
# the collected output can read that data.
environment=\
  users.current users.logged \
  disk \
  env \
  system.events.system system.events.application system.os \
  process.top process.ps process.tasklist \
  memory.free memory.vmstat.default memory.vmstat.statistics \
  memory.vmstat.slabinfo memory.vmstat.disk \
  files \
  net.sockets net.statistics net.ipconfig \
  screenshot
################################################################################
# Identity of the current user and the sessions logged on to the host.
users.current.app=id
users.current.args=-a
users.logged.app=query
users.logged.args=user

disk.app=df
disk.args=-h

# Prints the complete environment. CI systems commonly inject credentials as
# environment variables; anything present here ends up in the collected
# output verbatim.
env.app=env

# Last 24 hours of the System and Application event logs, formatted as lists.
# NOTE(review): the other multi-argument entries declare their delimiter as
# `<name>.args.delimiter`; this one uses `system.events.delimiter` - confirm
# the loader resolves it for both system.events.* actions.
system.events.app=powershell
system.events.delimiter=\0
system.events.system.args=-NoLogo\0-Command\0Get-EventLog System -After (Get-Date).AddDays(-1) | Format-List
system.events.application.args=-NoLogo\0-Command\0Get-EventLog Application -After (Get-Date).AddDays(-1) | Format-List

system.os.app=wmic
system.os.args=os get /format:list

# Three views of the running processes; `tasklist /V` is the verbose form.
process.top.app=top
process.top.args=-b -n 1
process.ps.app=ps
process.ps.args=-efW
process.tasklist.app=tasklist
process.tasklist.args=/V

# memory.vmstat.default has no args entry of its own; only the three
# variants below add a flag.
memory.free.app=free
memory.vmstat.app=vmstat
memory.vmstat.statistics.args=-s
memory.vmstat.slabinfo.args=-m
memory.vmstat.disk.args=-d

files.app=openfiles
files.args=/query

# Socket listing. `-b` (owning executable) normally needs an elevated
# session; when that call fails the `||` branch reruns netstat without it.
net.sockets.app=bash
net.sockets.args=-c\0netstat -b -a -t -o || netstat -a -t -o
net.sockets.args.delimiter=\0
net.statistics.app=netstat
net.statistics.args=-s -e
net.ipconfig.app=ipconfig
net.ipconfig.args=/all

# Pipes a short script into jshell that captures the bounds of the default
# screen with java.awt.Robot and writes the image as screen.png (relative
# path). The image shows whatever is on that screen at the time, so it needs
# the same handling as the other collected data.
# The doubled double quotes inside the script are part of the value; keep
# them exactly as written.
screenshot.app=bash
screenshot.args=-c\0\
    echo '\
        var robot = new java.awt.Robot();\
        var ge = java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment();\
        var bounds = ge.getDefaultScreenDevice().getDefaultConfiguration().getBounds();\
        var capture = robot.createScreenCapture(bounds);\
        var file = new java.io.File(""screen.png"");\
        javax.imageio.ImageIO.write(capture, ""png"", file);\
    ' | jshell -
screenshot.args.delimiter=\0
################################################################################