Sysinternals are very widely used tools from Microsoft in the Windows world, and now the ProcDump utility has been ported over to Linux as an Open Source project from Microsoft. ProcDump is a command-line (CLI) utility for monitoring an application for CPU spikes and generates crash dumps during the spike. An admin or developer can use these crash dumps to determine the cause of the spike. This tool was originally built for Windows, and now it’s available for use on Linux as well!

This is not a community port, but rather an official Open Source project from Microsoft. As such, this is the official Linux version of Sysinternals ProcDump created and maintained by Microsoft. Plus, it’s licensed under the MIT License.

Linux ProcDump Usage

Usage: procdump [OPTIONS...] TARGET
   OPTIONS
      -h          Prints this help screen
      -C          Trigger core dump generation when CPU exceeds or equals specified value (0 to 100 * nCPU)
      -c          Trigger core dump generation when CPU is less than specified value (0 to 100 * nCPU)
      -M          Trigger core dump generation when memory commit exceeds or equals specified value (MB)
      -m          Trigger core dump generation when when memory commit is less than specified value (MB)
      -T          Trigger when thread count exceeds or equals specified value.
      -F          Trigger when filedescriptor count exceeds or equals specified value.
      -I          Polling frequency in milliseconds (default is 1000)
      -n          Number of core dumps to write before exiting (default is 1)
      -s          Consecutive seconds before dump is written (default is 10)
      -d          Writes diagnostic logs to syslog
   TARGET must be exactly one of these:
      -p          pid of the process
      -w          Name of the process executable

Linux ProcDump Examples

Create core dump immediately:

sudo procdump -p 1234

Create 3 core dumps 10 seconds apart:

sudo procdump -n 3 -p 1234

Create 3 core dumps 5 seconds apart:

sudo procdump -n 3 -s 5 -p 1234

Create a core dump each time the process has CPU usage >= 65%, up to 3 times, with at least 10 seconds between each dump:

sudo procdump -C 65 -n 3 -p 1234

Create a core dump when CPU usage is outside the range [10,65]:

sudo procdump -c 10 -C 65 -p 1234

Download Sysinternals ProcDump for Linux

The Sysinternals ProcDump for Linux utility is licensed under MIT License, and available over in it’s GitHub repo: https://github.com/Microsoft/ProcDump-for-Linux

System Requirements

Minimum Operating System
- Red Hat Enterprise Linux (RHEL) / CentOS 7
- Fedora 29
- Ubuntu 16.04 LTS
gdb >= 7.6.1
zlib (buil-time only)

Installation Instructions

Download

Happy monitoring your process dumps and troubleshooting your apps!

About the Author

Chris Pietschmann

Chris Pietschmann is a Microsoft MVP, HashiCorp Ambassador, and Microsoft Certified Trainer (MCT) with 20+ years of experience designing and building Cloud & Enterprise systems. He has worked with companies of all sizes from startups to large enterprises. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.