zoukankan      html  css  js  c++  java
  • 每天一个linux命令(lsof)

    losf----系统级监控、诊断工具

    安装:yum install lsof

    格式:lsof [选项] [绝对路径文件名 | 其他参数]

    主要选项:

    +D:递归查找除该路径下所有打开的文件

    [root@root ~]# lsof +D /usr/lib
    COMMAND    PID    USER  FD   TYPE DEVICE  SIZE/OFF    NODE NAME
    systemd      1    root txt    REG  253,1   1482272  661006 /usr/lib/systemd/systemd
    systemd-j  328    root txt    REG  253,1    274768  661020 /usr/lib/systemd/systemd-journald
    systemd-u  349    root txt    REG  253,1    361376  661038 /usr/lib/systemd/systemd-udevd
    systemd-u  349    root mem    REG  253,1    432831 1048900 /usr/lib/modules/3.10.0-514.26.2.el7.x86_64/modules.symbols.bin
    systemd-u  349    root mem    REG  253,1    735054 1048897 /usr/lib/modules/3.10.0-514.26.2.el7.x86_64/modules.alias.bin
    systemd-u  349    root mem    REG  253,1    343333 1048848 /usr/lib/modules/3.10.0-514.26.2.el7.x86_64/modules.dep.bin
    systemd-u  349    root mem    REG  253,1      8035 1048901 /usr/lib/modules/3.10.0-514.26.2.el7.x86_64/modules.builtin.bin
    polkitd    440 polkitd txt    REG  253,1    120424  788678 /usr/lib/polkit-1/polkitd
    systemd-l  461    root txt    REG  253,1    572288  661022 /usr/lib/systemd/systemd-logind
    crond      463    root mem    REG  253,1 106070960  662766 /usr/lib/locale/locale-archive
    agetty     477    root mem    REG  253,1 106070960  662766 /usr/lib/locale/locale-archive
    agetty     478    root mem    REG  253,1 106070960  662766 /usr/lib/locale/locale-archive
    tuned      746    root mem    REG  253,1 106070960  662766 /usr/lib/locale/locale-archive
    bash      4192    root mem    REG  253,1 106070960  662766 /usr/lib/locale/locale-archive
    lsof      4274    root mem    REG  253,1 106070960  662766 /usr/lib/locale/locale-archive
    lsof      4275    root mem    REG  253,1 106070960  662766 /usr/lib/locale/locale-archive
    -u:列出某个用户打开的所有文件,可以指定多个用户

    [root@root ~]# lsof -u root -u polkitd
    COMMAND     PID    USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
    systemd       1    root  cwd       DIR              253,1      4096          2 /
    systemd       1    root  rtd       DIR              253,1      4096          2 /
    systemd       1    root  txt       REG              253,1   1482272     661006 /usr/lib/systemd/systemd
    systemd       1    root  mem       REG              253,1     20040     657574 /usr/lib64/libuuid.so.1.3.0
    systemd       1    root  mem       REG              253,1    256960     659353 /usr/lib64/libblkid.so.1.1.0
    vballoon    383    root  txt   unknown                                         /proc/383/exe
    polkitd     440 polkitd  cwd       DIR              253,1      4096          2 /
    polkitd     440 polkitd  rtd       DIR              253,1      4096          2 /
    polkitd     440 polkitd  txt       REG              253,1    120424     788678 /usr/lib/polkit-1/polkitd
    polkitd     440 polkitd  mem       REG              253,1     62184     657115 /usr/lib64/libnss_files-2.17.so
    polkitd     440 polkitd  mem       REG              253,1     68192     657657 /usr/lib64/libbz2.so.1.0.6
    polkitd     440 polkitd  mem       REG              253,1     99952     657624 /usr/lib64/libelf-0.166.so
    polkitd     440 polkitd  mem       REG              253,1     19888     657701 /usr/lib64/libattr.so.1.1.0
    polkitd     440 polkitd  mem       REG              253,1    398264     657523 /usr/lib64/libpcre.so.1.2.0
    polkitd     440 polkitd  mem       REG              253,1    999944     657405 /usr/lib64/libstdc++.so.6.0.19
    polkitd     440 polkitd  mem       REG              253,1    251784     662792 /usr/lib64/libnspr4.so
    ………
    -c:查找某个程序打开的文件比如apache,可以指定多个-c参数使用空格隔开

    [root@root ~]# lsof -c ssh
    COMMAND  PID USER   FD   TYPE             DEVICE SIZE/OFF   NODE NAME
    sshd    3158 root  cwd    DIR              253,1     4096      2 /
    sshd    3158 root  rtd    DIR              253,1     4096      2 /
    sshd    3158 root  txt    REG              253,1   823744 662215 /usr/sbin/sshd
    sshd    3158 root  mem    REG              253,1    62184 657115 /usr/lib64/libnss_files-2.17.so
    sshd    3158 root  mem    REG              253,1    68192 657657 /usr/lib64/libbz2.so.1.0.6
    sshd    3158 root  mem    REG              253,1    99952 657624 /usr/lib64/libelf-0.166.so
    sshd    3158 root  mem    REG              253,1    19888 657701 /usr/lib64/libattr.so.1.1.0
    sshd    3158 root  mem    REG              253,1    15688 658041 /usr/lib64/libkeyutils.so.1.5
    ………
    ^:执行取反操作比如lsof –u ^root  列出除root用户外的所有用户打开的文件

    [root@root ~]# lsof -u ^root
    COMMAND   PID TID    USER   FD      TYPE             DEVICE SIZE/OFF    NODE NAME
    polkitd   440     polkitd  cwd       DIR              253,1     4096       2 /
    polkitd   440     polkitd  rtd       DIR              253,1     4096       2 /
    polkitd   440     polkitd  txt       REG              253,1   120424  788678 /usr/lib/polkit-1/polkitd
    polkitd   440     polkitd  mem       REG              253,1    62184  657115 /usr/lib64/libnss_files-2.17.so
    polkitd   440     polkitd  mem       REG              253,1    68192  657657 /usr/lib64/libbz2.so.1.0.6
    polkitd   440     polkitd  mem       REG              253,1    99952  657624 /usr/lib64/libelf-0.166.so
    polkitd   440     polkitd  mem       REG              253,1    19888  657701 /usr/lib64/libattr.so.1.1.0
    polkitd   440     polkitd  mem       REG              253,1   398264  657523 /usr/lib64/libpcre.so.1.2.0
    polkitd   440     polkitd  mem       REG              253,1   999944  657405 /usr/lib64/libstdc++.so.6.0.19
    ………
    

    -p:列出由某个PID对应的进程打开的文件,也就是通过进程id进行过滤输出可以指定多个pid,使用逗号隔开

    [root@root ~]# lsof -p 3158
    COMMAND  PID USER   FD   TYPE             DEVICE SIZE/OFF   NODE NAME
    sshd    3158 root  cwd    DIR              253,1     4096      2 /
    sshd    3158 root  rtd    DIR              253,1     4096      2 /
    sshd    3158 root  txt    REG              253,1   823744 662215 /usr/sbin/sshd
    sshd    3158 root  mem    REG              253,1    62184 657115 /usr/lib64/libnss_files-2.17.so
    sshd    3158 root  mem    REG              253,1    68192 657657 /usr/lib64/libbz2.so.1.0.6
    sshd    3158 root  mem    REG              253,1    99952 657624 /usr/lib64/libelf-0.166.so
    sshd    3158 root  mem    REG              253,1    19888 657701 /usr/lib64/libattr.so.1.1.0
    ………
    -i:列出所有网络连接,可以添加参数比如tcp、udp以及端口

    [root@root ~]# lsof -i tcp
    COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    sshd       3158 root    3u  IPv4  16225      0t0  TCP *:ssh (LISTEN)
    sshd       4190 root    3u  IPv4 221839      0t0  TCP root:ssh->116.23.154.188:55184 (ESTABLISHED)
    AliYunDun 18754 root   20u  IPv4  36643      0t0  TCP root:42866->100.100.30.25:http (ESTABLISHED)
    
    [root@root ~]# lsof -i :22
     COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
     sshd    3158 root    3u  IPv4  16225      0t0  TCP *:ssh (LISTEN)
     sshd    4190 root    3u  IPv4 221839      0t0  TCP root:ssh->116.23.154.188:55184 (ESTABLISHED)
    
    --组合使用
    
    [root@root ~]# lsof -i tcp:55184
     COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
     sshd    4190 root    3u  IPv4 221839      0t0  TCP root:ssh->116.23.154.188:55184 (ESTABLISHED)
    -N:列出所有NFS(网络文件系统)文件

    -t:输出进程的pid常与-i组合使用

    [root@root ~]# lsof -t -i tcp
    3158
    4190
    18754
    -r:用于循环列出文件直到被中断,比如用来检测网络活动,-r后面的 1 表示每秒重复打印一次

    [root@root ~]# lsof -r 1 -u root -i -a
    COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    dhclient    685 root    6u  IPv4  12108      0t0  UDP *:bootpc
    dhclient    685 root   20u  IPv4  12072      0t0  UDP *:17859
    dhclient    685 root   21u  IPv6  12073      0t0  UDP *:46450
    sshd       3158 root    3u  IPv4  16225      0t0  TCP *:ssh (LISTEN)
    sshd       4190 root    3u  IPv4 221839      0t0  TCP root:ssh->116.23.154.188:55184 (ESTABLISHED)
    AliYunDun 18754 root   20u  IPv4  36643      0t0  TCP root:42866->100.100.30.25:http (ESTABLISHED)
    =======
    COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    dhclient    685 root    6u  IPv4  12108      0t0  UDP *:bootpc
    dhclient    685 root   20u  IPv4  12072      0t0  UDP *:17859
    dhclient    685 root   21u  IPv6  12073      0t0  UDP *:46450
    sshd       3158 root    3u  IPv4  16225      0t0  TCP *:ssh (LISTEN)
    sshd       4190 root    3u  IPv4 221839      0t0  TCP root:ssh->116.23.154.188:55184 (ESTABLISHED)
    AliYunDun 18754 root   20u  IPv4  36643      0t0  TCP root:42866->100.100.30.25:http (ESTABLISHED)
    -a:可以将多个选项组合条件由“或”变为“与”

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~华丽的切割线~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 相关阅读:
    【leetcode】1103. Distribute Candies to People
    【leetcode】1074. Number of Submatrices That Sum to Target
    【leetcode】1095. Find in Mountain Array
    【leetcode】1094. Car Pooling
    2018.9.27 长难句1
    L142
    L141
    L140
    Agilent RF fundamentals (11)-Vector modulator
    Agilent RF fundamentals (10) Mixer ,Phase domain and modulator
  • 原文地址:https://www.cnblogs.com/hollyhock/p/10279370.html
Copyright © 2011-2022 走看看