Windows Agent Troubleshooting
The Sysdig Windows agent consists of the following service: Sysdig Agent.
The Sysdig Agent service automatically restarts whenever it is terminated. If the service restarts frequently, a possible cause is an Agent service crash. To troubleshoot such crashes, Microsoft Windows supports generating process memory dumps. The steps to enable program-specific crash dumps can be found in Collecting User-Mode Dumps.
The agent logs for both the processes are available in the installation directory. This is typically C:\Program Files\Sysdig\Agent\Logs.
Windows registry configuration for collecting agent crash dumps
The following configuration enables dumps for Sysdig Windows agent services with type Full dump. The dump file count per service is limited to 10.
Command Line
Please ensure the following commands are run as local administrator.
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\sysdig-agent.exe" /v DumpFolder /t REG_SZ /d "%PROGRAMFILES%\Sysdig\Agent\Dumps" /f
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\sysdig-agent.exe" /v DumpType /t REG_DWORD /d 2 /f
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\sysdig-agent.exe" /v DumpCount /t REG_DWORD /d 10 /f
Graphical UI
1. Launch Windows Registry Editor regedit.exe as administrator.
2. Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps.
3. Right click LocalDumps and select New > Key and rename the new key to sysdig-agent.exe.
4. Right click the sysdig-agent.exe key and select New > String Value and rename the new string value to DumpFolder.
5. Double click the DumpFolder value and set the value to %PROGRAMFILES%\Sysdig\Agent\Dumps.
6. Right click the sysdig-agent.exe key and select New > DWORD (32-bit) Value and rename the new DWORD value to DumpType.
7. Double click the DumpType value and set the value to 2.
8. Right click the sysdig-agent.exe key and select New > DWORD (32-bit) Value and rename the new DWORD value to DumpCount.
9. Double click the DumpCount value and set the value to 10.
Please repeat the above process for secmgr.exe.
Dump Files
The generated dump file names are in the format of {sysdig-agent}.exe.{pid}.dmp.
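To confirm the registry settings above took effect for both executables, the following read-only PowerShell check can be run as local administrator. It is an added example, not part of the Sysdig documentation or product; the function name Test-LocalDumpConfig is hypothetical, and it assumes secmgr.exe dumps follow the same naming pattern as sysdig-agent.exe.

```powershell
# Added example (not Sysdig's code): read-only audit of the LocalDumps settings on this page.
$Base     = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$Expected = @{ DumpType = 2; DumpCount = 10 }   # Full dump, at most 10 files per service
$Images   = 'sysdig-agent.exe', 'secmgr.exe'    # both image names named on this page

function Test-LocalDumpConfig {                 # hypothetical helper name
    param([Parameter(Mandatory)][string]$Image)

    $keyPath  = Join-Path $Base $Image
    $problems = @()
    $folder   = $null
    $dumps    = @()

    if (-not (Test-Path -LiteralPath $keyPath)) {
        $problems += "registry key missing: $keyPath"
    } else {
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $Expected.Keys) {
            $actual = $key.GetValue($name)      # $null when the value is absent
            if ($actual -ne $Expected[$name]) {
                $problems += "$name is '$actual', expected $($Expected[$name])"
            }
        }
        # Read the raw string and expand it here, so a value typed in regedit with
        # a literal %PROGRAMFILES% is resolved to a real path before the folder check.
        $raw = $key.GetValue('DumpFolder', $null, 'DoNotExpandEnvironmentNames')
        if ([string]::IsNullOrWhiteSpace($raw)) {
            $problems += 'DumpFolder is not set'
        } else {
            $folder = [Environment]::ExpandEnvironmentVariables($raw)
            if (Test-Path -LiteralPath $folder -PathType Container) {
                # Assumption: dump names follow <image>.<pid>.dmp for both images.
                $dumps = @(Get-ChildItem -LiteralPath $folder -Filter "$Image.*.dmp" -File)
            } else {
                $problems += "dump folder not found: $folder"
            }
        }
    }
    [pscustomobject]@{
        Image      = $Image
        Ok         = ($problems.Count -eq 0)
        DumpFolder = $folder
        DumpFiles  = $dumps.Count
        Problems   = $problems -join '; '
    }
}

$Images | ForEach-Object { Test-LocalDumpConfig -Image $_ } | Format-List
```

A Full dump (DumpType 2) contains the complete memory of the crashed process, so keep the Dumps folder readable by administrators only and remove dump files once they have been analyzed.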