How to run Backtrace to help diagnose issues with Enterprise Vault
|Article:TECH180757|||||Created: 2012-02-06|||||Updated: 2013-05-03|||||Article URL http://www.symantec.com/docs/TECH180757|
Backtrace enables log files to be obtained that contain tracing information from Enterprise Vault processes in which the logging starts before a problem occurs. Unlike the DTrace utility log files, a Backtrace log contains tracing information from a single process.
Backtrace retains tracing information in memory until a previously defined trigger event occurs. Backtrace then writes a limited amount of DTrace information to a log file. The log file contains DTtrace information from before and after the trigger event occurred.
When Backtrace is enabled the default is for it to create logs for all Enterprise Vault errors and warnings. This behavior can be modified by editing the Backtrace registry values.
If DTrace is ran, Enterprise Vault automatically disables Backtrace while DTrace is running.
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.
1. Edit the Backtrace registry values on the Enterprise Vault server that requires tracing.
2. Change the Enabled (DWORD) value to 1.
3. (Optional) To exclude a list of event ids from triggering Backtrace, change the RuleType (String) value to Exclude.
4. (Optional) Change the Exclude (String) value to a semicolon separated list of event IDs that Backtrace will ignore.
5. (Optional) To include a list of event ids that trigger Backtrace, change the RuleType (String) value to Include.
6. (Optional) Change the Include (String) value to a semicolon separated list of event IDs that Backtrace will include.
7. Reproduce the issue or error. Each Enterprise Vault process on the server maintains Backtrace information in memory. When a trigger event occurs, Backtrace writes trace information to a log file.
8. Change the Enabled (DWORD) value to 0 to disable Backtrace.
9. Collect the log file which is written by default to the Enterprise Vault Reports folder and send to Symantec Support.
e.g. c:\Program Files (x86)\Enterprise Vault\Reports\Backtrace\20110531
The Backtrace log file names comprise the following items, separated by underscores:
■ The name begins with "EV".
■ Local date and time in the format YYYYMMDD_HHMMSSmmm
■ Server name. The name of the server on which the process is running.
■ Process name. The name of the process that is traced.
■ Process ID. The ID of the process that is traced.
■ Event IDs. The name contains a maximum of five IDs of the most recent events that are in the file.
The following example shows a log file name when error event 8938 from the Admin service triggers Backtrace on server "MYSERVER". The trigger event 8938 is followed by error event 8942:
For additional information refer to the Backtrace chapter within the Utilities Guide.
Article URL http://www.symantec.com/docs/TECH180757