Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Archiving and eDiscovery Community Blog

Enterprise Vault Backtrace

Created: 10 Sep 2012 • Updated: 29 May 2014
Rob.Wilcox's picture
0 0 Votes
Login to vote

To be fair I've only used Backtrace once.  It was very useful though for finding more information out about the problem to hand (I'll write about *that* particular thing another time, this is about Backtrace!)

As many people will know it was introduced in Enterprise Vault 9.0.3.  The whole idea of Backtrace is that it logs DTRACE-like information out to file BEFORE a problem occurs.  Before Backtrace it was often a back-and-forth 'game' with customers and repro environments to get the right data captured in a DTRACE.  Usually, with things like triggers, or filters, you miss some of the useful information, or you only discover that you need 'more' after you've looked at the first trace.

Backtrace helps all these things!

Here is a simple checklist to get a Backtrace generated on a particular event id:

1.  Enable BackTrace

2.  Edit the RuleType to Include

3.  Edit the Include string to give a semi-colon list of event ID's

4.  Repro the problem.

5.  Collect the log files

6.  Disable BackTrace

Original screenshot:

Say I want to capture the event which is logged when memory is at 95% capacity (now this is simple enough with DTRACE, but, bear with me).  We would set the Enabled flag to 1, then refresh regedit, because some other keys will be automagically created for us.

We then edit the RuleType key, and the Include key.  Then we set the Include key to list the event id's.  In this case it's 4144

And here it is again, set it up to capture the above

Now when the event is logged we'll see trace like this:

(The above highlights the actual event which was logged)

There is a great technote which covers much of what is necessary to know:

There is also some great information on BackTrace in the Utilities Guide in the Enterprise Vault Documentation.