Enterprise Vault Backtrace
To be fair I've only used Backtrace once. It was very useful though for finding more information out about the problem to hand (I'll write about *that* particular thing another time, this is about Backtrace!)
As many people will know it was introduced in Enterprise Vault 9.0.3. The whole idea of Backtrace is that it logs DTRACE-like information out to file BEFORE a problem occurs. Before Backtrace it was often a back-and-forth 'game' with customers and repro environments to get the right data captured in a DTRACE. Usually, with things like triggers, or filters, you miss some of the useful information, or you only discover that you need 'more' after you've looked at the first trace.
Backtrace helps all these things!
Here is a simple checklist to get a Backtrace generated on a particular event id:
1. Enable BackTrace
2. Edit the RuleType to Include
3. Edit the Include string to give a semi-colon list of event ID's
4. Repro the problem.
5. Collect the log files
6. Disable BackTrace
Say I want to capture the event which is logged when memory is at 95% capacity (now this is simple enough with DTRACE, but, bear with me). We would set the Enabled flag to 1, then refresh regedit, because some other keys will be automagically created for us.
We then edit the RuleType key, and the Include key. Then we set the Include key to list the event id's. In this case it's 4144
And here it is again, set it up to capture the above
Now when the event is logged we'll see trace like this:
(The above highlights the actual event which was logged)
There is a great technote which covers much of what is necessary to know: http://www.symantec.com/docs/TECH180757
There is also some great information on BackTrace in the Utilities Guide in the Enterprise Vault Documentation.