shlamp 2014-10-17
【基本介绍】
lsof-listopenfiles
Itisacommandlineutilitywhichisusedtolisttheinformationaboutthefilesthatareopenedbyvariousprocesses.Inunix,everythingisafile,(pipes,sockets,directories,devices,etc.).Sobyusinglsof,youcangettheinformationaboutanyopenedfiles.所有的东西都是文件,lsof用来查看打开文件的进程
【参数介绍】
[root@pandaVM ~]# lsof | head -10 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME init 1 root cwd DIR 8,2 4096 2 / init 1 root rtd DIR 8,2 4096 2 / init 1 root txt REG 8,2 150352 130349 /sbin/init init 1 root mem REG 8,2 65928 260653 /lib64/libnss_files-2.12.so init 1 root mem REG 8,2 1926800 264737 /lib64/libc-2.12.so init 1 root mem REG 8,2 93320 264762 /lib64/libgcc_s-4.4.7-20120601.so.1 init 1 root mem REG 8,2 47064 264739 /lib64/librt-2.12.so init 1 root mem REG 8,2 145896 260719 /lib64/libpthread-2.12.so init 1 root mem REG 8,2 268232 264740 /lib64/libdbus-1.so.3.4.0
FD–Representsthefiledescriptor.(文件描述)SomeofthevaluesofFDsare,
cwd–CurrentWorkingDirectory
txt–Textfile
mem–Memorymappedfile
mmap–Memorymappeddevice
NUMBER–Representtheactualfiledescriptor.Thecharacterafterthenumberi.e’1u’,representsthemodeinwhichthefileisopened.rforread,wforwrite,uforreadandwrite.
TYPE–Specifiesthetypeofthefile.(文件类型)SomeofthevaluesofTYPEsare,
REG–RegularFile
DIR–Directory
FIFO–FirstInFirstOut
CHR–Characterspecialfile
lsoffilename显示打开指定文件的所有进程
lsof-a表示两个参数都必须满足时才显示结果
lsof-cstring显示COMMAND列中包含指定字符的进程所有打开的文件
lsof-uusername显示所属user进程打开的文件
lsof-ggid显示归属gid的进程情况
lsof+d/DIR/显示目录下被进程打开的文件
lsof+D/DIR/同上,但是会搜索目录下的所有目录,时间相对较长
lsof-dFD显示指定文件描述符的进程
lsof-n不将IP转换为hostname,缺省是不加上-n参数
lsof-i:port显示使用端口的进程
【常用例子】
Listprocesseswhichopenedaspecificfile(显示打开指定文件的进程)
# lsof /var/log/syslog COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rsyslogd 488 syslog 1w REG 8,1 1151 268940 /var/log/syslog
Listallopenfilesbyaspecificprocess(显示指定进程IP)
# lsof -p 1753 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME bash 1753 lakshmanan cwd DIR 8,1 4096 393571 /home/lakshmanan/test.txt bash 1753 lakshmanan rtd DIR 8,1 4096 2 / bash 1753 lakshmanan 255u CHR 136,0 0t0 3 /dev/pts/0
Listprocesseswhicharelisteningonaparticularport(显示指定端口)
# lsof -i :25 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME exim4 2541 Debian-exim 3u IPv4 8677 TCP localhost:smtp (LISTEN)
Listfilesopenedbyaspecificuser(显示指定用户的进程)
# lsof -u lakshmanan COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME update-no 1892 lakshmanan 20r FIFO 0,8 0t0 14536 pipe update-no 1892 lakshmanan 21w FIFO 0,8 0t0 14536 pipe bash 1995 lakshmanan cwd DIR 8,1 4096 393218 /home/lakshmanan
Listopenedfilesbasedonprocessnamesstartingwith(显示指定进程名)
# lsof -c ssh -c init COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME init 1 root txt REG 8,1 124704 917562 /sbin/init init 1 root mem REG 8,1 1434180 1442625 /lib/i386-linux-gnu/libc-2.13.so init 1 root mem REG 8,1 30684 1442694 /lib/i386-linux-gnu/librt-2.13.so ... ssh-agent 1528 lakshmanan 1u CHR 1,3 0t0 4369 /dev/null ssh-agent 1528 lakshmanan 2u CHR 1,3 0t0 4369 /dev/null ssh-agent 1528 lakshmanan 3u unix 0xdf70e240 0t0 10464 /tmp/ssh-sUymKXxw
Listopenedfilesunderadirectory(显示目录下被打开的文件)
# lsof +D /var/log/ COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rsyslogd 488 syslog 1w REG 8,1 1151 268940 /var/log/syslog rsyslogd 488 syslog 2w REG 8,1 2405 269616 /var/log/auth.log console-k 144 root 9w REG 8,1 10871 269369 /var/log/ConsoleKit/history
【参考引用】
http://blog.csdn.net/guoguo1980/article/details/2324454
http://www.thegeekstuff.com/2012/08/lsof-command-examples/