lsof使用介绍与案例模板
Posted 我要出家当道士
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了lsof使用介绍与案例模板相关的知识,希望对你有一定的参考价值。
一、基本介绍
主要用于查看与文件相关的一些属性。
1、参数
-a: 列出打开文件存在的进程;
-c<进程名>: 列出指定进程所打开的文件;
-g: 列出GID号进程详情;
-d<文件号>: 列出占用该文件号的进程;
+d<目录>: 列出目录下被打开的文件;
+D<目录>: 递归列出目录下被打开的文件;
-n<目录>: 列出使用NFS的文件;
-i<条件>: 列出符合条件的进程(4、6、协议、:端口、 @ip );
-p<进程号>: 列出指定进程号所打开的文件;
-u: 列出UID号进程详情;
-h: 显示帮助信息;
-v: 显示版本信息。2、输出列名
COMMAND: 进程的名称;
PID: 进程标识符;
PPID: 父进程标识符(需要指定-R参数);
USER: 进程所有者;
PGID: 进程所属组;
FD: 文件描述符,应用程序通过文件描述符识别该文件(1)FP
cwd: 表示current work dirctory,即:应用程序的当前工作目录,这是该应用程序启动的目录,除非它本身对这个目录进行更改;
txt: 该类型的文件是程序代码,如应用程序二进制文件本身或共享库,如上列表中显示的 /sbin/init 程序;
lnn: library references (AIX);
er: FD information error (see NAME column);
jld: jail directory (FreeBSD);
ltx: shared library text (code and data);
mxx: hex memory-mapped type number xx.
m86: DOS Merge mapped file;
mem: memory-mapped file;
mmap:memory-mapped device;
pd: parent directory;
rtd: root directory;
tr: kernel trace file (OpenBSD);
0: 表示标准输出;
1: 表示标准输入;
2: 表示标准错误。(2)文件状态
一般在标准输出、标准错误、标准输入后,还跟着文件状态模式
u :表示该文件被打开并处于读取/写入模式;
r :表示该文件被打开并处于只读模式;
w :表示该文件被打开并处于只写模式;
空格 :表示该文件的状态模式为unknow,且没有锁定;
- :表示该文件的状态模式为unknow,且被锁定(3)相关锁
跟在文件状态后面。
N:for a Solaris NFS lock of unknown type;
r:for read lock on part of the file;
R:for a read lock on the entire file;
w:for a write lock on part of the file;(文件的部分写锁)
W:for a write lock on the entire file;(整个文件的写锁)
u:for a read and write lock of any length;
U:for a lock of unknown type;
x:for an SCO OpenServer Xenix lock on part of the file;
X:for an SCO OpenServer Xenix lock on the entire file;
space:if there is no lock(4)文件类型
DIR: 表示目录;
CHR: 表示字符类型;
BLK: 块设备类型;
UNIX: UNIX 域套接字;
FIFO: 先进先出 (FIFO) 队列;
IPv4: 网际协议 (IP) 套接字;
DEVICE:指定磁盘的名称;
SIZE: 文件的大小;
NODE: 索引节点(文件在磁盘上的标识);
NAME: 打开文件的确切名称。二、功能模板
1、查看由用户启动的进程
/dev/pts 是远程登陆(telnet,ssh等)后创建的控制台设备文件所在的目录;通过查看/dev/pts下的进程,我们将可以了解到由登陆用户启动的进程有哪些(非 root 用户)。
[root@localhost ~]# lsof /dev/pts/
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 1582 root 0u CHR 136,2 0t0 5 /dev/pts/2
bash 1582 root 1u CHR 136,2 0t0 5 /dev/pts/2
bash 1582 root 2u CHR 136,2 0t0 5 /dev/pts/2
bash 1582 root 255u CHR 136,2 0t0 5 /dev/pts/2
bash 13190 tp 0u CHR 136,0 0t0 3 /dev/pts/0
bash 13190 tp 1u CHR 136,0 0t0 3 /dev/pts/0
bash 13190 tp 2u CHR 136,0 0t0 3 /dev/pts/0
bash 13190 tp 255u CHR 136,0 0t0 3 /dev/pts/0
lsof 35116 root 0u CHR 136,2 0t0 5 /dev/pts/2
lsof 35116 root 1u CHR 136,2 0t0 5 /dev/pts/2
lsof 35116 root 2u CHR 136,2 0t0 5 /dev/pts/2
bash 89315 root 0u CHR 136,1 0t0 4 /dev/pts/1
bash 89315 root 1u CHR 136,1 0t0 4 /dev/pts/1
bash 89315 root 2u CHR 136,1 0t0 4 /dev/pts/1
bash 89315 root 255u CHR 136,1 0t0 4 /dev/pts/12、查看文件,设备被哪些进程占用
[root@localhost ~]# lsof /dev/tty1
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
X 11388 root 11u CHR 4,1 0t0 1043 /dev/tty13、查看进程打开的文件
根据进程号。
[root@localhost ~]# lsof -p 12132
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh-agent 12132 tp cwd DIR 253,0 270 64 /
ssh-agent 12132 tp rtd DIR 253,0 270 64 /
ssh-agent 12132 tp txt REG 253,0 382240 437366 /usr/bin/ssh-agent
ssh-agent 12132 tp DEL REG 253,0 33588187 /usr/lib64/libpcre.so.1.2.0;635ad392
ssh-agent 12132 tp mem REG 253,0 164288 33664635 /usr/lib64/libsmime3.so
ssh-agent 12132 tp mem REG 253,0 323664 33664636 /usr/lib64/libssl3.so
ssh-agent 12132 tp DEL REG 253,0 33588443 /usr/lib64/libssl.so.1.0.2k;635ad392
ssh-agent 12132 tp DEL REG 253,0 33588133 /usr/lib64/libz.so.1.2.7;635ad392
ssh-agent 12132 tp mem REG 253,0 14872 33588120 /usr/lib64/libutil-2.17.so
ssh-agent 12132 tp mem REG 253,0 61952 34001066 /usr/lib64/liblber-2.4.so.2.10.7
ssh-agent 12132 tp mem REG 253,0 352600 34001068 /usr/lib64/libldap-2.4.so.2.10.7
ssh-agent 12132 tp mem REG 253,0 19776 33588092 /usr/lib64/libdl-2.17.so
ssh-agent 12132 tp DEL REG 253,0 33588441 /usr/lib64/libcrypto.so.1.0.2k;635ad392
ssh-agent 12132 tp mem REG 253,0 11344 33894531 /usr/lib64/libfipscheck.so.1.2.1
ssh-agent 12132 tp mem REG 253,0 164240 33588079 /usr/lib64/ld-2.17.so
ssh-agent 12132 tp 0u CHR 1,3 0t0 1028 /dev/null
ssh-agent 12132 tp 1u CHR 1,3 0t0 1028 /dev/null
ssh-agent 12132 tp 2u CHR 1,3 0t0 1028 /dev/null
ssh-agent 12132 tp 3u unix 0xffff8f4c6da17c00 0t0 47202 /tmp/ssh-QdiRfGRyCArW/agent.119484、查看指定程序打开的文件
-c 参数后面直接跟程序名称
[root@localhost ~]# lsof -c logbk
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
logbk 88133 root cwd DIR 253,0 235 109924856 /oraclelog/demo
logbk 88133 root rtd DIR 253,0 270 64 /
logbk 88133 root txt REG 253,0 371520 109924828 /oraclelog/demo/logbk
logbk 88133 root mem REG 253,0 2173512 33588086 /usr/lib64/libc-2.17.so
logbk 88133 root mem REG 253,0 88720 33554508 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
logbk 88133 root mem REG 253,0 1139680 33588094 /usr/lib64/libm-2.17.so
logbk 88133 root mem REG 253,0 995840 33588135 /usr/lib64/libstdc++.so.6.0.19
logbk 88133 root mem REG 253,0 144792 33588112 /usr/lib64/libpthread-2.17.so
logbk 88133 root mem REG 253,0 28403 36356227 /usr/lib64/libunalog.so
logbk 88133 root mem REG 253,0 164240 33588079 /usr/lib64/ld-2.17.so
logbk 88133 root 0u CHR 136,1 0t0 4 /dev/pts/1
logbk 88133 root 1u CHR 136,1 0t0 4 /dev/pts/1
logbk 88133 root 2u CHR 136,1 0t0 4 /dev/pts/1
logbk 88133 root 3w REG 253,0 24643 100666617 /oraclelog/demo/log/backup.log
logbk 88133 root 4r REG 253,0 40390144 4561039 /oraclelog/archivelog/1_57_1119239317.dbf
logbk 88133 root 5w REG 253,0 9437184 4561054 /oraclelog/logbk/1_57_1119239317.dbf
logbk 88133 root 6r REG 253,0 32257536 4561038 /oraclelog/archivelog/1_56_1119239317.dbf
logbk 88133 root 7w REG 253,0 16777216 4561055 /oraclelog/logbk/1_56_1119239317.dbf
logbk 88133 root 8r REG 253,0 28265472 4560995 /oraclelog/archivelog/1_54_1119239317.dbf
logbk 88133 root 9w REG 253,0 8388608 2562867 /oraclelog/logbk/1_54_1119239317.dbf
logbk 88133 root 10r REG 253,0 28211200 4561033 /oraclelog/archivelog/1_55_1119239317.dbf
logbk 88133 root 11w REG 253,0 12582912 2562866 /oraclelog/logbk/1_55_1119239317.dbf5、查看指定目录下被打开的文件
[root@localhost ~]# lsof +D /oraclelog/
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
oracle 80148 oracle 267u REG 253,0 52429312 109820472 /oraclelog/redolog/redo03.log
oracle 80148 oracle 268u REG 253,0 52429312 109820470 /oraclelog/redolog/redo01.log
oracle 80148 oracle 269u REG 253,0 52429312 109820471 /oraclelog/redolog/redo02.log
logbk 88133 root cwd DIR 253,0 235 109924856 /oraclelog/demo
logbk 88133 root txt REG 253,0 371520 109924828 /oraclelog/demo/logbk
logbk 88133 root 3w REG 253,0 137075 100666617 /oraclelog/demo/log/backup.log
bash 89315 root cwd DIR 253,0 235 109924856 /oraclelog/demo6、查看网络连接
@ 后面可以跟网络IP进行连接筛选
[root@localhost ~]# lsof -i@127.0.0.1
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
chronyd 908 chrony 1u IPv4 18400 0t0 UDP localhost:323
cupsd 1274 root 12u IPv4 26025 0t0 TCP localhost:ipp (LISTEN)
sshd 1538 root 9u IPv4 502254251 0t0 TCP localhost:6011 (LISTEN)
master 1780 root 13u IPv4 25314 0t0 TCP localhost:smtp (LISTEN)
emagent 74143 oracle 6u IPv4 235541 0t0 TCP localhost:58622->localhost:ncube-lm (ESTABLISHED)
oracle 80512 oracle 14u IPv6 227994 0t0 TCP localhost:ncube-lm->localhost:58622 (ESTABLISHED)
sshd 89273 root 9u IPv4 501687180 0t0 TCP localhost:x11-ssh-offset (LISTEN)
java 93963 root 115u IPv6 386817 0t0 TCP localhost:17937 (LISTEN)
java 93963 root 126u IPv6 390877 0t0 TCP localhost:27443 (LISTEN)7、查看端口占用
在 : 后面跟这端口编号
[root@localhost ~]# lsof -i:27443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 93963 root 126u IPv6 390877 0t0 TCP localhost:27443 (LISTEN)8、查看指定进程打开的网络连接
跟着进程ID号
[root@localhost ~]# lsof -i -a -p 93963
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 93963 root 104u IPv6 389206 0t0 TCP *:10481 (LISTEN)
java 93963 root 105u IPv6 389207 0t0 TCP *:11099 (LISTEN)
java 93963 root 114u IPv6 388456 0t0 TCP localhost.localdomain:32370->10.10.25.55:amqp (ESTABLISHED)
java 93963 root 115u IPv6 386817 0t0 TCP localhost:17937 (LISTEN)
java 93963 root 126u IPv6 390877 0t0 TCP localhost:27443 (LISTEN)9、查看指定状态的网络连接
例如,下面是查看 TCP:ESTABLISHED 状态的网络连接
[root@localhost ~]# lsof -n -P -i TCP -s TCP:ESTABLISHED
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1538 root 3u IPv4 502262586 0t0 TCP 10.10.50.208:22->10.9.2.85:64450 (ESTABLISHED)
tnslsnr 71279 oracle 13u IPv6 226418 0t0 TCP [::1]:1521->[::1]:20609 (ESTABLISHED)
emagent 74143 oracle 6u IPv4 235541 0t0 TCP 127.0.0.1:58622->127.0.0.1:1521 (ESTABLISHED)
oracle 80126 oracle 14u IPv6 226417 0t0 TCP [::1]:20609->[::1]:1521 (ESTABLISHED)
oracle 80512 oracle 14u IPv6 227994 0t0 TCP 127.0.0.1:1521->127.0.0.1:58622 (ESTABLISHED)
sshd 89273 root 3u IPv4 501698697 0t0 TCP 10.10.50.208:22->10.9.2.85:51793 (ESTABLISHED)
java 93963 root 114u IPv6 388456 0t0 TCP 10.10.50.208:32370->10.10.25.55:5672 (ESTABLISHED)
oracle 101067 oracle 14u IPv6 501851578 0t0 TCP 10.10.50.208:1521->10.9.2.85:51907 (ESTABLISHED)
oracle 101126 oracle 14u IPv6 501851980 0t0 TCP 10.10.50.208:1521->10.9.2.85:51909 (ESTABLISHED)
oracle 101194 oracle 14u IPv6 501854308 0t0 TCP 10.10.50.208:1521->10.9.2.85:51910 (ESTABLISHED)
oracle 101196 oracle 15u IPv6 501853039 0t0 TCP 10.10.50.208:1521->10.9.2.85:51911 (ESTABLISHED)以上是关于lsof使用介绍与案例模板的主要内容,如果未能解决你的问题,请参考以下文章