lsof Command Introduction
Lsof (list open files) is a tool that lists open files for the current system. In a Linux environment, everything is in the form of files, with files that not only access regular data, but also access to network connectivity and hardware. such as TC and UDP, the system assigns a file descriptor to the application in the background, regardless of the nature of the file, which provides a common interface for the interaction between the application and the underlying operating system . Because the application opens a descriptor list of files that provides a lot of information about the application itself, it is helpful to see the list through the Lsof tool for system monitoring and troubleshooting.
lsof Command function
Used to view the files that your process opened, the process of opening the file, the port (TCP, UDP) that the process opened. Retrieve/Recover deleted files. is a very convenient system monitoring tool, because lsof needs to access core memory and various files, so the root user needs to execute.
lsof Command Output description
lsof [parameters] [file]
the meaning of the lsof output column information is as follows:
COMMAND: Name of the process
PID: Process Identifier
PPID: Parent Process Identifier (the-R parameter needs to be specified)
USER: Process Owner
FD: File descriptor in which the application recognizes the file through a file descriptor. such as CWD, TXT, etc.
(1) CWD: Represents the current working dirctory, which is the directory in which the application starts, unless it makes changes to the directory itself
(2) TXT: This type of file is a program code, such as the application binary file itself or a shared library, as shown in the list above/sbin/init program
(3) Lnn:library references (AIX);
(4) ER:FD information error (see NAME column);
(5) Jld:jail directory (FreeBSD);
(6) Ltx:shared Library text (code and data);
(7) Mxx:hex memory-mapped type number XX.
(8) M86:dos Merge mapped file;
(9) mem:memory-mapped file;
(ten) mmap:memory-mapped device;
(one) Pd:parent directory;
(rtd:root) directory;
(Tr:kernel) trace file (OpenBSD);
(+) v86 vp/ix mapped file;
(15) 0: Indicates standard output
(16) 1: Indicates standard input
(17) 2: standard error indication
Generally after standard output, standard error, standard input followed by file state mode: R, W, u, etc.
(1) U: Indicates that the file is open and in read/write mode
(2) R: Indicates that the file is open and is in read-only mode
(3) W: Indicates that the file is open and is in
(4) Space: Indicates that the file's status mode is Unknow and is not locked
(5)-: Indicates that the file's state mode is unknow and is locked
At the same time, after the file state mode, followed by the relevant lock
(1) n:for a Solaris NFS lock of unknown type;
(2) R:for read lock on part of the file;
(3) R:for A read lock on the entire file;
(4) W:for a write lock on part of the file;
(5) W:for A write lock on the entire file; (write lock for entire file)
(6) U:for a read and write lock of any length;
(7) U:for a lock of unknown type;
(8) x:for an SCO openserver Xenix lock in part of the file;
(9) x:for an SCO openserver Xenix lock on the entire file;
(space:if) There is no lock.
Type: File types, such as Dir, Reg, etc., common file types
(1) DIR: Indicates directory
(2) CHR: denotes character type
(3) BLK: Block device type
(4) Unix:unix domain sockets
(5) FIFO: Advanced First Out (FIFO) queue
(6) IPv4: Internet Protocol (IP) sockets
DEVICE: Specifies the name of the disk
Size: Sizes of files
Node: Index node (the identity of the file on disk)
Name: Open the exact name of the file
Lsof Common Command Parameters
Lsof Abc.txt shows the process of opening the file Abc.txt
LSOF-C ABC show ABC process now open file
LSOF-C-P 1234 lists files opened by processes with process number 1234
Lsof-g GID shows the process of attribution to GID
Lsof +d/usr/local/displays files that were opened by the process in the directory
Lsof +d/usr/local/, but will search the directory under the directory, the time is longer
Lsof-d 4 shows a process using FD 4
Lsof-i to show condition-eligible processes
LSOF-I[46] [protocol][@hostname |hostaddr][:service|port]
-IPv4 or IPv6
Protocol---TCP or UDP
Hostname-Internet Host name
HOSTADDR-IPV4 Address
Service name in service---/etc/service (can be more than one)
Commonly used commands are shown:
See who is using a file, that is, finding a file-related process
[Email protected] omc]# lsof/var/log/messages
Recursively view file information for a directory
[Email protected] omc]# lsof/home/omc/
==> [[email protected] omc]# lsof +d/home/omc/ "Using +d, all subdirectories and files in the corresponding directory will be listed"
List file information opened by a user
[Email protected] omc]# lsof-a-u root-i
[Email protected] omc]# lsof-u root
Lists file information that is opened by a program process
[[email protected] OMC] #lsof –c sshd- C "command" option will list all the files that start with the MySQL process, but you can also write Lsof | grep sshd, But the first method is obviously a few characters less than the second.
List multiple open file information for more than one process
[Email protected] omc]# lsof-c ssh-i:22
List connection information for an IP
[Email protected] omc]# lsof-i @192.168.25.133
Display connection information for the current environment based on IP classification
[Email protected] omc]# lsof-i 4 #列举IPV4 [[email protected] omc]# lsof-i 6 #列举IPV6
List connection information for TCP/UDP
[[email protected] omc]# lsof-i TCP [[email protected] omc]# lsof-i UDP
[Email protected] omc]# lsof-i tcp:22
Lists open file information except for a user
[[email protected] OMC] #lsof-u ^root
Displays the file that was opened by a process number
[Email protected] omc]# lsof-p 2601 [[email protected] omc]# lsof-p 2601,2602,2603
List all active network ports for a user
[Email protected] omc]# lsof-a-u root–i
List all network file systems
[Email protected] omc]# Lsof–n
List the corresponding file information according to the file description
Lsof-d description (like 2) For example: lsof-d txt For example: lsof-d 1 For example: lsof-d 2 Description: 0 for standard input, 1 for standard output, 2 for standard error, so that most applications open files of FD It's all starting from 3.
File information is listed according to the file description scope
[Email protected] omc]# lsof-d 2-3
Lists file information in the command column that contains the string "sshd" and the file stroke is of type txt
[Email protected] omc]# lsof-c sshd-a-D txt
Lists all IPV4 network files that are opened by processes with process number 1234
[[email protected] omc]# lsof-i 4-a-P 1234
Lists all file information currently connected to the host Hadoop and Port: 20,21,22,25,53,80, and executes the lsof instruction every 3 seconds continuously
[[email protected] omc]# lsof-i @hadoop: 20,21,22,25,53,80-r 3
Linux lsof Command Detailed