- Attach a debugger
- Artifacts from an event (e.g. an error log)
- A quick high-level debug dump of a running process (e.g. stack trace)
- Full memory dump
- Guessing
- Have said debugger installed
- Setup production around a debugger to some extent, e.g. GUI on the running machine
- Be willing to stall the process (e.g. timing out requests)
While 1 and 2 may be doable, number 3 is a hard no at scale.
- Traffic logs
- Error logs
- Eye witness descriptions of the suspect
- Terrible bug reports
- Build logs (what was deployed?)
- Source control logs (what was the change? the reason?)
- Metrics/monitoring system logs