# ---- Configuration ---------------------------------------------------------
# Output folder shared by procdump (.dmp) and nmcap (.chn/.cap chain files).
# The trigger handler dumps lsass.exe into this folder, so its contents are
# credential material: keep the folder ACL-restricted and remove dumps once analysed.
$nmcapDataFolder = $wprDataFolder = 'C:\CollectedData'

# External tools invoked when the trigger fires.
$procdumpBinary = 'C:\tools\sysinternals\procdump.exe'
$wprBinary      = 'C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\wpr.exe'

# nmcap /network argument: an adapter number, or '*' for every adapter.
$nicToCapture = '*'

# Upper bound on retained *.cap chain files; the oldest are deleted beyond this.
$numberOfCapFilesToKeep = 5

# Used to name the WPR trace and the capture chain.
$localComputerName = [Environment]::MachineName
# Emit "<ISO-8601 round-trip timestamp> <message>" to the pipeline.
# Nothing is written to a file; callers receive the line as function output.
function Log($logString)
{
    $stamp = (Get-Date).ToString("o")
    "$stamp $logString"
}
# Monitor counter for threshold
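# Collects the trigger data set: procdumps of the listed processes, a short WPR
# CPU+Network trace, and the ping that tells nmcap to stop capturing.
# Reads script-level $procdumpBinary, $wprBinary, $nmcapDataFolder, $wprDataFolder
# and $localComputerName. Called by WaitForCounter once the trigger condition holds.
function CollectTriggerData
{
    Log ("Trigger hit! Generating procdumps...")
    # NOTE: the lsass.exe dump holds credential material. $nmcapDataFolder must be
    # ACL-restricted, and these dumps should be handled and deleted as secrets.
    foreach ($processName in @('store.exe', 'msexchangerepl.exe', 'lsass.exe', 'clussvc.exe', 'BESClientUI', 'kntcma', 'java'))
    {
        & $procdumpBinary $processName $nmcapDataFolder -accepteula
    }
    Log ("Starting WPR collection...")
    & $wprBinary -start CPU -start Network
    Log ("Data collection running.")
    # Send-MailMessage -To user@contoso.com -From user@contoso.com -Subject "Alert on $localComputerName" -Body "Trigger hit" -SmtpServer mail.contoso.com
    Start-Sleep 20
    Log ("Stopping WPR collection...")
    & $wprBinary -stop (Join-Path $wprDataFolder ($localComputerName + "-WPR.etl"))
    Log ("Stopping nmcap...")
    # nmcap was started with '/StopWhen /Frame IPv4.DestinationAddress==4.3.2.1';
    # this single ping produces exactly that frame, which ends the capture.
    ping -n 1 4.3.2.1 | out-null
    Log ("Done!")
}

# Deletes the oldest *.cap files in $nmcapDataFolder until at most
# $numberOfCapFilesToKeep remain. Runs after every counter sample so the
# rolling capture cannot fill the disk while we wait for the trigger.
function CleanUpCapFiles
{
    $capFiles = New-Object 'System.Collections.Generic.List[string]'
    $capFiles.AddRange([System.IO.Directory]::GetFiles($nmcapDataFolder, "*.cap"))
    while ($capFiles.Count -gt $numberOfCapFilesToKeep)
    {
        $oldestFileTime = [DateTime]::MaxValue
        $oldestFileName = ""
        foreach ($file in $capFiles)
        {
            $fileTime = [System.IO.File]::GetLastWriteTime($file)
            if ($fileTime -lt $oldestFileTime)
            {
                $oldestFileTime = $fileTime
                $oldestFileName = $file
            }
        }
        Log ("Deleting oldest cap file: " + $oldestFileName)
        [System.IO.File]::Delete($oldestFileName)
        # List.Remove returns a bool; without [void] it leaked into the function output.
        [void]$capFiles.Remove($oldestFileName)
    }
}

function WaitForCounter($counter, $value, $duration)
{
    <#
    .SYNOPSIS
    Watches a performance counter and, once it has stayed at or above $value
    for $duration, collects procdumps and a WPR trace and stops nmcap.

    .PARAMETER counter
    Counter path passed straight to Get-Counter, e.g. "\MSExchangeIS\RPC Averaged Latency".

    .PARAMETER value
    Threshold; a sample's CookedValue must be -ge this to count as "reached".

    .PARAMETER duration
    [TimeSpan] the counter must stay at or above $value before collection starts.

    .NOTES
    Log lines are the function's pipeline output. Timing uses local [DateTime]::Now.
    The Get-Counter pipeline is ended with `break`; in PowerShell that also unwinds
    any enclosing loop of the caller, so call this as a stand-alone statement (as
    this script does) rather than from inside a loop.
    #>
    Log ("Started watching " + $counter + " to reach " + $value + " for " + $duration)
    # MaxValue means "threshold not currently reached".
    $timeCounterReached = [DateTime]::MaxValue
    Get-Counter -Counter $counter -Continuous |
        ForEach-Object {
            Log ($_.CounterSamples[0].CookedValue)
            $now = [DateTime]::Now
            if ($_.CounterSamples[0].CookedValue -ge $value)
            {
                # First sample at/above threshold: start the countdown.
                if ($timeCounterReached -gt $now)
                {
                    Log ("The counter reached the threshold. Waiting " + $duration + " before collection.")
                    $timeCounterReached = $now
                }
                if ($timeCounterReached -le $now)
                {
                    $currentDuration = $now - $timeCounterReached
                    Log ("Counter reached desired value " + $currentDuration + " ago.")
                    if ($currentDuration -ge $duration)
                    {
                        CollectTriggerData
                        break
                    }
                }
            }
            else
            {
                # Counter fell back below threshold: reset so a later spike starts a fresh countdown.
                if ($timeCounterReached -lt $now)
                {
                    Log ("Counter dropped below threshold.")
                    $timeCounterReached = [DateTime]::MaxValue
                }
            }
            # Keep the nmcap chain bounded while we wait.
            CleanUpCapFiles
        }
    # End of script block
}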
##############################
#
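# Start the nmcap
"Starting nmcap..."
$nmcapBinary = "C:\Program Files\Microsoft Network Monitor 3\nmcap.exe"
# ".chn:500MB" selects nmcap's chain capture, rolling to a new file at 500MB;
# WaitForCounter prunes the resulting *.cap files down to $numberOfCapFilesToKeep.
$capFileName = Join-Path $nmcapDataFolder ($localComputerName + ".chn")
$capFileName += ":500MB"
# '/StopWhen /Frame IPv4.DestinationAddress==4.3.2.1': the capture ends as soon as a
# packet to 4.3.2.1 is seen, which the trigger handler produces with a single ping.
$nmcapArgs = @('/UseProfile', '2', '/network', $nicToCapture, '/capture', '/file', $capFileName, '/Disableconversations', '/StopWhen', '/Frame', 'IPv4.DestinationAddress==4.3.2.1')
# -PassThru is required for Start-Process to return the Process object;
# without it $nmcapProcess was always $null.
$nmcapProcess = Start-Process $nmcapBinary -ArgumentList $nmcapArgs -PassThru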
#
##############################
##############################
#
# Here's where we start monitoring. Adjust as needed.
#
# Trigger: RPC Averaged Latency at or above 80 for two consecutive seconds.
# This must stay the script's last statement; WaitForCounter ends with `break`.
WaitForCounter "\MSExchangeIS\RPC Averaged Latency" 80 ([TimeSpan]::FromSeconds(2))
#
##############################