Everybody is good! I am Sean!
Continue our Linux system performance monitoring commands, today is to share lsof.
Lsof (List Open Files)
In Linux, everything is a file, and through files you can access not only regular data, but also network connections and hardware. Therefore, applications such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sockets are assigned a file descriptor in the background regardless of the nature of the file. This file descriptor provides a common interface for the application to interact with the underlying operating system. Because the list of descriptors for an application’s open files provides a great deal of information about the application itself, being able to view this list through the LSOF tool can be very helpful for system monitoring and troubleshooting. How powerful lsof is!
The command parameter
-a: lists the processes in which open files exist. -c< process name > : lists the files opened by the specified process. -g: lists details about processes with GID numbers. -d< file number > : lists the processes that occupy the file number. +d< directory > : lists open files in the directory. +D< directory > : recursively lists open files in the directory; -n< directory > : Lists the files that use NFS. -i< Condition > : Lists the processes that meet the conditions. (4, 6, protocol, : port, @IP) -p< process number > : lists the files opened by the specified process number. -u: lists details about processes with the UID number. -h: Displays the help information. -v: displays the version information.Copy the codeLsof outputs the meaning of each column
COMMAND: indicates the process name. PID: indicates the process id. PPID: indicates the parent process id (-r needs to be specified) USER: indicates the process owner. PGID: indicates the process group. File size NODE: indicates the index NODE (identifier of a file on a disk) NAME: indicates the exact NAME of the file to be openedCopy the codeThe FD column shows the meaning of the content
CWD: indicates the current work dirctory, that is, the current working directory of the application. This is the directory in which the application is started, unless it changes the directory itself. This type of file is program code, such as application binaries themselves or shared libraries, such as the /sbin/init program shown in the list above. LNN: Library References (AIX); 4. Er: FD information error (see NAME column); 5. JLD: jail Directory (FreeBSD); 6. LTX: Shared library text (code and data); 8. M86: DOS Merge mapped file; 9. Mem: memory-mapped file; 10. Mmap: memory-mapped device; 11. Pd: parent directory; 12. RTD: root directory; Tr: kernel trace file (OpenBSD); 14. v86 VP/ix mapped file; 0: standard output 16. 1: standard input 17. 2: standard errorCopy the code1. U: indicates that the file is opened and in read/write mode. R: indicates that the file is opened and in read-only mode. 3. W: indicates that the file is opened and in. 4. Space: Indicates that the status mode of the file is unknown and the file is not locked. 5. - : indicates that the status mode of the file is unknown and locked. N: for a Solaris NFS lock of unknown type; 2. R: for reading lock on part of the file; 3. R: For a read lock on the entire file; 4. W: For a write lock on part of the file; 5. W: Write lock on the entire file; 6. U: for a read and write lock of any length; 7. U: For a lock of unknown type; 8. X: For an SCO OpenServer Xenix lock on part of the file; 9. X: For an SCO OpenServer Xenix lock on the entire file; 10. Space: If there is no lockCopy the codeThe TYPE column shows the meaning of the content
1. DIR: indicates a directory. 2. CHR: indicates the character type. 3. BLK: indicates the block device type. 4. UNIX: UNIX domain socket FIFO: First in, first out (FIFO) queue. IPv4: Internet Protocol (IP) socket. 7. REG: Common fileCopy the codeCommon commands
View all files that have been opened, do not need to be with parameters, but the output content is more
lsof
Copy the code
To see which programs are using a file, follow the file’s full path name or relative path name
Lsof [full path name/relative path name]Copy the code
Loop recursively to see which programs are using all files in a path, keeping up with the directory
Lsof +D [path]Copy the code
View information about files opened by a user, following the user name parameter
Lsof -u [user name]Copy the code
If you look at the open files of a program and follow the keywords, it will print out the files opened by the program starting with the keywords
Lsof -C [Keyword]Copy the code
List the open file information of various programs, keep up with multiple -c, and the same as the previous command
Lsof -c [keyword A] -c [keyword B]Copy the code
This symbol is used to filter out processes opened by the root user
lsof -u ^root
Copy the code
Displays information about open files for a process number
Lsof -p [Process number]Copy the code
Lists the file information corresponding to multiple process numbers
Lsof -p [Process number 1],[Process number 2],[Process number 3]Copy the codeLists files opened by processes other than a process number
Lsof -p ^[Process id]Copy the codeView all network connections
lsof -i
Copy the code
View information about all TCP network connections
lsof -i tcp
Copy the code
View information about all UDP network connections
lsof -i udp
Copy the code
View the usage of a port
lsof -i :22
Copy the code
View information about a specific UDP port
lsof -i udp:42078
Copy the code
View information about a specific TCP port
lsof -i tcp:39498
Copy the code
Summary of mind mapping
That’s all for today’s sharing! Thank you for reading! Code word is not easy, if this article is helpful to you, please give a thumbs up ~ haha.
The mind map will be shared at the end of the performance monitoring command series. Please follow the public account “Programmer Sean”.