[PowerShell] Start-Dtrace for Monitoring

I sometimes have to use the Dtrace extensively and since Dtrace can create a lot of contents, I use Filter options.

The steps to use the Filter is

1. Start Dtrace
2. View the list of Processes.

DT> View

3. Set Verbose mode for the Process that you are interested in.

DT> set JournalTask v

4. Clear the existing Filter and type in the key words

DT> Filter
DT Filter> Clear Include
DT Filter> Include seconds
DT Filter> exit
DT>

5. Monitor 

DT> Monitor 

I had to type into Dtrace 7 times and I would probably make some typos along the way.

To make filtering in Dtrace easier, I have created a PowerShell function that starts the Dtrace which takes in Proces name and the Filter String as a parameter like this.

1. Start PowerShell
2. Run Start-Dtrace

PS> Start-Dtrace JournalTask seconds

If I want to add some filter key words, I can add them like this.

PS> Start-Dtrace "JournalTask,StorageArchive""seconds,elapsed"

[Start-Dtrace Code]

function Start-Dtrace {

  Param ([parameter(Mandatory=$true)][String]$Process,
         [String]$Filter
        )

  $PLIST = $Process.Split(",")
  $PLIST = $PLIST | Sort-Object -Unique

  $FILTER_ENABLED = $FALSE

  if($Filter.length -gt 0){

     $FLIST = $Filter.Split(",")
     $FLIST = $FLIST | Sort-Object -Unique
     $FILTER_ENABLED = $TRUE
   }

  $OPTIONS=@("reset *")

  ForEach($P in $PLIST){
  
    $OPTIONS += "set $P v"

  }

  if($FILTER_ENABLED){

    $OPTIONS += "filter"
    $OPTIONS += "c i"

    ForEach($F in $FLIST){
  
      $OPTIONS += "+ `"$F`""

    }

    $OPTIONS += "exit"
  }

  $OPTIONS += "monitor"

  $TMP_DTRACE_CMD_FILE = 'C:\Program Files (x86)\Enterprise Vault\Scripts for Dtrace\tmpScript.txt'

  $OPTIONS | Out-File $TMP_DTRACE_CMD_FILE -Encoding "ASCII"  

  $CMD_EV_INSTALL_DIR = 'C:\"Program Files (x86)"\"Enterprise Vault"\'
  $CMD_EV_DTRACE = ($CMD_EV_INSTALL_DIR + "Dtrace.exe")
  $CMD_TMP_DTRACE_CMD_FILE = ($CMD_EV_INSTALL_DIR + "`"Scripts for Dtrace`"\tmpScript.txt")

  Start-Process "CMD" -NoNewWindow -Wait -ArgumentList "/C $CMD_EV_DTRACE -v < $CMD_TMP_DTRACE_CMD_FILE"

}

• If the EV install folder is not "C:\Program Files (x86)\Enterprise Vault", modify the $TMP_DTRACE_CMD_FILE and $CMD_EV_INSTALL_DIR variable.
• To stop monitoring, type CTRL + C
• This function creates tmpStcript.txt file in "C:\Program Files (x86)\Enterprise Vault\Scripts for Dtrace" folder which only consumes few kbytes.
  If this is a problem change the $CMD_TMP_DTRACE_CMD_FILE and $TMP_DTRACE_CMD_FILE variable.