LSOF:
lsof is a command meaning "list open files", which is used in many Unix-like systems to report a list of all open files and the processes that opened them. This open source utility was developed and supported by Victor A. Abell, the retired Associate Director of the Purdue University Computing Center. It works in and supports several Unix flavors.
Open files in the system include disk files, pipes, network sockets and devices opened by all processes. One use for this command is when a disk cannot be unmounted because (unspecified) files are in use. The listing of open files can be consulted (suitably filtered if necessary) to identify the process that is using the files.
# lsof /var
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslogd 350 root 5w VREG 222,5 0 440818 /var/adm/messages
syslogd 350 root 6w VREG 222,5 339098 6248 /var/log/syslog
cron 353 root cwd VDIR 222,5 512 254550 /var -- atjobs
To view the port associated with a daemon:
# lsof -i -n -P | grep sendmail
sendmail 31649 root 4u IPv4 521738 TCP *:25 (LISTEN)
From the above one can see that "sendmail" is listening on its standard port of "25".
-i Lists IP sockets.
-n Do not resolve hostnames (no DNS).
-P Do not resolve port names (list port number instead of its name).
One can also list Unix Sockets by using lsof -U.
The /tmp directory keeps filling up but the space reported with user space tools ("du" for example) is next to nothing.
According to the standard system tools:
Digging deeper with "lsof" we see the following:
[root@mail tmp]# lsof | grep "/tmp"
bash 1970 root cwd DIR 9,3 4096 2 /tmp
screen 13507 jgray 3r FIFO 9,3 15747 /tmp/uscreens/S-jgray/13507.pts-0.mail
perl 19932 zimbra 1w REG 9,3 71523 18 /tmp/logswatch.out (deleted)
perl 19932 zimbra 2w REG 9,3 71523 18 /tmp/logswatch.out (deleted)
zmlogger 19937 zimbra 1w REG 9,3 71523 18 /tmp/logswatch.out (deleted)
zmlogger 19937 zimbra 2w REG 9,3 71523 18 /tmp/logswatch.out (deleted)
zmlogger 19937 zimbra 4w REG 9,3 1884374605 26 /tmp/zmlogger.out (deleted)
mysqld_sa 21321 zimbra 1w REG 9,3 70 15 /tmp/zmcontrol.out.20738 (deleted)
mysqld_sa 21321 zimbra 2w REG 9,3 70 15 /tmp/zmcontrol.out.20738 (deleted)
logswatch 21391 zimbra 1w REG 9,3 82 19 /tmp/logswatch.out
logswatch 21391 zimbra 2w REG 9,3 82 19 /tmp/logswatch.out
mysqld 21402 zimbra 5u REG 9,3 0 20 /tmp/ibD4jO0l (deleted)
mysqld 21402 zimbra 6u REG 9,3 0 21 /tmp/ibzy1fOB (deleted)
mysqld 21402 zimbra 7u REG 9,3 0 22 /tmp/ibXukIBR (deleted)
mysqld 21402 zimbra 8u REG 9,3 0 23 /tmp/ibJj1dq7 (deleted)
mysqld 21402 zimbra 12u REG 9,3 0 25 /tmp/iblBE0Vn (deleted)
perl 21423 zimbra 1w REG 9,3 82 19 /tmp/logswatch.out
perl 21423 zimbra 2w REG 9,3 82 19 /tmp/logswatch.out
Regards,
Jaagadish.
lsof is a command meaning "list open files", which is used in many Unix-like systems to report a list of all open files and the processes that opened them. This open source utility was developed and supported by Victor A. Abell, the retired Associate Director of the Purdue University Computing Center. It works in and supports several Unix flavors.
Open files in the system include disk files, pipes, network sockets and devices opened by all processes. One use for this command is when a disk cannot be unmounted because (unspecified) files are in use. The listing of open files can be consulted (suitably filtered if necessary) to identify the process that is using the files.
# lsof /var
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslogd 350 root 5w VREG 222,5 0 440818 /var/adm/messages
syslogd 350 root 6w VREG 222,5 339098 6248 /var/log/syslog
cron 353 root cwd VDIR 222,5 512 254550 /var -- atjobs
To view the port associated with a daemon:
# lsof -i -n -P | grep sendmail
sendmail 31649 root 4u IPv4 521738 TCP *:25 (LISTEN)
From the above one can see that "sendmail" is listening on its standard port of "25".
-i Lists IP sockets.
-n Do not resolve hostnames (no DNS).
-P Do not resolve port names (list port number instead of its name).
One can also list Unix Sockets by using lsof -U.
The /tmp directory keeps filling up but the space reported with user space tools ("du" for example) is next to nothing.
According to the standard system tools:
Digging deeper with "lsof" we see the following:
[root@mail tmp]# lsof | grep "/tmp"
bash 1970 root cwd DIR 9,3 4096 2 /tmp
screen 13507 jgray 3r FIFO 9,3 15747 /tmp/uscreens/S-jgray/13507.pts-0.mail
perl 19932 zimbra 1w REG 9,3 71523 18 /tmp/logswatch.out (deleted)
perl 19932 zimbra 2w REG 9,3 71523 18 /tmp/logswatch.out (deleted)
zmlogger 19937 zimbra 1w REG 9,3 71523 18 /tmp/logswatch.out (deleted)
zmlogger 19937 zimbra 2w REG 9,3 71523 18 /tmp/logswatch.out (deleted)
zmlogger 19937 zimbra 4w REG 9,3 1884374605 26 /tmp/zmlogger.out (deleted)
mysqld_sa 21321 zimbra 1w REG 9,3 70 15 /tmp/zmcontrol.out.20738 (deleted)
mysqld_sa 21321 zimbra 2w REG 9,3 70 15 /tmp/zmcontrol.out.20738 (deleted)
logswatch 21391 zimbra 1w REG 9,3 82 19 /tmp/logswatch.out
logswatch 21391 zimbra 2w REG 9,3 82 19 /tmp/logswatch.out
mysqld 21402 zimbra 5u REG 9,3 0 20 /tmp/ibD4jO0l (deleted)
mysqld 21402 zimbra 6u REG 9,3 0 21 /tmp/ibzy1fOB (deleted)
mysqld 21402 zimbra 7u REG 9,3 0 22 /tmp/ibXukIBR (deleted)
mysqld 21402 zimbra 8u REG 9,3 0 23 /tmp/ibJj1dq7 (deleted)
mysqld 21402 zimbra 12u REG 9,3 0 25 /tmp/iblBE0Vn (deleted)
perl 21423 zimbra 1w REG 9,3 82 19 /tmp/logswatch.out
perl 21423 zimbra 2w REG 9,3 82 19 /tmp/logswatch.out
Regards,
Jaagadish.
No comments:
Post a Comment