Tips & trick LSOF Troubleshoot your Linux

Partager sur Facebook, Twitter ou par e-mail

Ajouté la première fois par labynocle depuis blog.ronanfoucher.fr. Lire l'article original

One of the most useful tool for unix debug is lsof, I use it many times for many problems for day to day monitoring and debug.It just lists all files openned by processes no more no less, but because on *NIX system, everything IS a « file », this gives you a lot of information on your system use (e.g. ttys, directories,sockets, pipes,memory mapping).

1 – List all open files used on your system .

gollum:~# lsof

2 – Unmounting a partition

You’re trying to unmount /dev/sdd1, but it is still in use by a process or a usergollum:~#lsof /dev/sdd1and then kill each processes or users to free the partition=> aggressive mode :gollum:~#kill `lsof -t /dev/sdd1`

Find some issues with user’s script

List all connection on your server openned by/for non root usersgollum:~#lsof -i -u^rootList all files on your server used by/for user_ronangollum:~#lsof -u user_ronan

Find all open files in a directory recursively. gollum:~#lsof +D /usr/lib64/

- with +D argument lsof will return all files in the specified directory and subdirectories.another way is using grep (but if your system is using ia32 or if you’re looking in symlinks +D argument will be necessary) gollum:~#lsof | grep '/usr/lib64/'

Find some issues with programs

Find all open files by program’s name. gollum:~#lsof -c mysql-with -c argument lsof will return all files openned by/for processes whose name begins with ‘mysql’.

You can compile multiple option using -a (and):gollum:~#lsof -a -c apache +D /usr/lib64/

If you don’t specify the -a option by default lsof will return an « OR » resultgollum:~#lsof -c apache +D /usr/lib64/

And you can use ‘^’ translate by except to find all files open by all processes except PID 1gollum:~#lsof -p ^1

Find some issues with space left

df and du does not match…

You should have a problem with some files that have been deleted but one or more processes are keeping the files open.The system will preserved the file and its blocks, even though it appears to be deleted from the filesystem.

gollum:~#lsof +L1another way :gollum:~#lsof | grep deleted

Too many open files issue

Find the top 10 of procsesses with the most files open.gollum:~#lsof | awk '{printf("%s (%s)\n", $1, $2)}' | sort | uniq -c | sort -rn | head

You can check the number of script opened by a process usinggollum:~#ps -ef | grep MyScripts*.sh | grep -v grep | awk '{print $2}'46899gollum:~#lsof -p 46899gollum:~#lsof -p 46899 | wc -l

This will give you idea of the files that your script opens.(for more than one process just separate pids using comas)gollum:~#ps -ef | grep MyScripts*.sh | grep -v grep | awk '{print $2}'468004680146802gollum:~#lsof -p 46800,46801,46802

As said before, everything on Linux is a file, so IP sockets can also be listed using lsof and help you to know more about your IP system use.(Of you can also use netcat or netstat for some of those examples)

List all IP sockets openned

gollum:~#lsof -igollum:~#netstat -anp

Lsof with -i option lists all processes with open Internet sockets (TCP and UDP).List all TCP network connections.gollum:~#lsof -i tcpList all UDP network connectionsgollum:~#lsof -i udp

You can check if a port is open and which ... Lire la suite de l'article

1 commentaire

Vous devez être connecté pour poster un commentaire.
Répondre

labynocle :
une page utile avec pas mal de tips et d'exemples sur l'utilisation de lsof

il y a plus d'1 an - sur :

Un réseau social privé et personnalisable pour votre entreprise ou pour animer votre communauté ? Découvrez YoolinkPro

Découvrez YoolinkPro

Les derniers qui l'ont sauvegardé :