1. Introduction to the lsof Command
lsof (list open files) is a tool that lists the files currently open on the system. In a Linux environment everything is represented as a file: files give access not only to regular data but also to network connections and hardware. For objects such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sockets, the system assigns the application a file descriptor in the background. Regardless of what the file actually is, the descriptor provides a common interface between the application and the underlying operating system. Because the list of descriptors an application has open reveals a great deal about the application itself, viewing that list with lsof is helpful for system monitoring and troubleshooting.
2. Meaning of the lsof Output
Enter lsof at the terminal to display the files opened on the system. Because lsof needs to access kernel memory and various files, it must be run as root to function fully.
# lsof | head -10
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
init 1 root cwd DIR 253,0 4096 2 /
init 1 root rtd DIR 253,0 4096 2 /
init 1 root txt REG 253,0 150352 786475 /sbin/init
init 1 root mem REG 253,0 65928 1703966 /lib64/libnss_files-2.12.so
init 1 root mem REG 253,0 1926760 1704350 /lib64/libc-2.12.so
init 1 root mem REG 253,0 93320 1704354 /lib64/libgcc_s-4.4.7-20120601.so.1
init 1 root mem REG 253,0 47112 1704362 /lib64/librt-2.12.so
init 1 root mem REG 253,0 145896 1704355 /lib64/libpthread-2.12.so
init 1 root mem REG 253,0 268232 1704383 /lib64/libdbus-1.so.3.4.0
Each row shows one open file. If you do not specify a condition, all files opened by all processes are displayed by default.
The meaning of the lsof output column information is as follows:
COMMAND: Name of the process
PID: Process identifier
USER: Process owner
FD: File descriptor, through which the application identifies the file, such as cwd, txt, etc.
TYPE: File type, such as DIR, REG, etc.
DEVICE: The name of the disk
SIZE: Size of the file
NODE: Index node (the identity of the file on disk)
NAME: The exact name of the open file
3. lsof Usage Examples
3.1 Viewing what is using a port
$ lsof -i:7001
3.2 Show all connections using the -i parameter
$ lsof -i
3.3 Use @host to display the connections to a specified host
$ lsof -i@10.245.1.166
3.4 Use @host:port to display connections to a specified host and port
$ lsof -i@10.245.1.166:7001
3.5 Finding established connections
$ lsof -i -sTCP:ESTABLISHED
You can also search for "established" with grep to complete the task
$ lsof -i | grep -i established
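The following is an added example, not part of the original article. It filters lsof -i output on its columns instead of grepping the whole line, so a process or host name that happens to contain "established" cannot produce a false match. The function names and the sample data are assumptions made for illustration, and -P (show numeric ports), a real lsof option, is not used in the original article.

```shell
#!/bin/sh
# Added example: filter `lsof -i -n -P` output on its columns.
# SAMPLE is constructed for illustration, not captured from a real host.
SAMPLE='COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     912     root    3u  IPv4  14021      0t0  TCP *:22 (LISTEN)
sshd    2210     root    3u  IPv4  18833      0t0  TCP 10.245.1.166:22->10.245.1.20:51514 (ESTABLISHED)
java    3051 weblogic  412u  IPv6  20114      0t0  TCP *:7001 (LISTEN)
java    3051 weblogic  415u  IPv6  20391      0t0  TCP 10.245.1.166:7001->10.245.1.31:40022 (ESTABLISHED)
java    3051 weblogic  416u  IPv6  20392      0t0  TCP 10.245.1.166:7001->10.245.1.32:40990 (ESTABLISHED)
chronyd  640   chrony    5u  IPv4  12001      0t0  UDP 127.0.0.1:323'

# In -i output, field 8 (NODE) is the protocol, field 9 (NAME) the
# address pair, and the last field the TCP state in parentheses.

# Listening TCP sockets, one per line: USER COMMAND PID LOCAL
listeners() {
    awk 'NR > 1 && $8 == "TCP" && $NF == "(LISTEN)" { print $3, $1, $2, $9 }'
}

# Established TCP connections per process: COUNT COMMAND PID USER
established_by_pid() {
    awk 'NR > 1 && $8 == "TCP" && $NF == "(ESTABLISHED)" { n[$1 " " $2 " " $3]++ }
         END { for (k in n) print n[k], k }' | sort -rn
}

# Remote peers with an established connection to local port $1
peers_of_port() {
    awk -v port="$1" 'NR > 1 && $NF == "(ESTABLISHED)" {
        split($9, ends, "->")                  # ends[1]=local, ends[2]=remote
        if (ends[1] ~ (":" port "$")) print ends[2]
    }'
}

# Demo on the constructed sample; on a live host pipe in: lsof -i -n -P
printf '%s\n' "$SAMPLE" | listeners
printf '%s\n' "$SAMPLE" | established_by_pid
printf '%s\n' "$SAMPLE" | peers_of_port 7001
```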
3.6 Using lsof for user information
-- Use -u to display files opened by the specified user
$ lsof -u weblogic
-- Use -u with ^ to display files opened by everyone except the specified user
$ lsof -u ^weblogic
-- Kill the processes of the specified user
$ kill -9 `lsof -t -u weblogic`
4. lsof Utility Commands
lsof `which httpd` // which process is using Apache's executable file
lsof /etc/passwd // which process is using /etc/passwd
lsof /dev/hda6 // which process is using hda6
lsof /dev/cdrom // which process is using the optical drive
lsof -c sendmail // view file usage of the sendmail process
lsof -c courier -u ^zahn // show files opened by processes whose names start with courier but that do not belong to the user zahn
lsof -p 30297 // show files opened by the process with PID 30297
lsof +D /tmp // show all processes that have open instances of files in the /tmp folder; symbolic links are not listed
lsof -u1000 // view file usage of the processes of the user whose UID is 100
lsof -utony // view file usage of user tony's processes
lsof -u^tony // view file usage of processes that do not belong to user tony (^ means negation)
lsof -i // show all open ports
lsof -i:80 // show all processes that have port 80 open
lsof -i -U // show all open ports and UNIX domain files
lsof -i UDP@www.akadia.com:123 // show processes that have opened a connection to the UDP 123 (NTP) port of www.akadia.com
lsof -i [Email Protected]w:ftp -r // continuously check the current FTP connections (with -r, lsof keeps running until it receives an interrupt signal; with +r, lsof keeps running until no files are displayed; the default refresh interval is 15s)
lsof -i [Email protected]:ftp -n // lsof -n does not convert IPs to hostnames; by default the -n parameter is not added
Article reprinted from: http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316599.html
Lsof detailed description of Linux performance monitoring commands