列出某个程序进程所打开的文件信息,显示httpd进程现在打开的文件
lsof -c httpd
显示多个进程命令用法
[root@netkiller ~]# lsof -c smbd COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME smbd 2506 root cwd DIR 8,2 4096 2 / smbd 2506 root rtd DIR 8,2 4096 2 / smbd 2506 root txt REG 8,2 10112200 3935771 /usr/sbin/smbd [root@netkiller ~]# lsof -c smbd -c httpd
-p 进程ID, 显示该进程打开了那些文件
pgrep httpd lsof -p 1782
显示进程ID
# lsof -t -u apache 4374 4375 4376 4377 4378 4379 4380 列出某个程序号打开的文件 [root@netkiller ~]# lsof -p 2374 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 2374 root cwd DIR 8,2 4096 2 / httpd 2374 root rtd DIR 8,2 4096 2 / httpd 2374 root txt REG 8,2 1772950 4985314 /usr/local/apache/bin/httpd httpd 2374 root DEL REG 0,4 12653 /dev/zero httpd 2374 root mem REG 8,2 90784 5636110 /lib64/libgcc_s-4.4.7-20120601.so.1
监控多个进程ID
[root@netkiller neo]# lsof -p 20535,26359,31462 | more COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 20535 root cwd DIR 253,1 4096 2 / nginx 20535 root rtd DIR 253,1 4096 2 / nginx 20535 root txt REG 253,1 1066704 142069 /usr/sbin/nginx nginx 20535 root DEL REG 0,4 686393039 /dev/zero nginx 20535 root mem REG 253,1 61928 162109 /usr/lib64/libnss_files-2.17.so nginx 20535 root mem REG 253,1 153192 151546 /usr/lib64/liblzma.so.5.0.99 nginx 20535 root mem REG 253,1 147120 133015 /usr/lib64/libselinux.so.1 nginx 20535 root mem REG 253,1 110808 162113 /usr/lib64/libresolv-2.17.so nginx 20535 root mem REG 253,1 15688 134676 /usr/lib64/libkeyutils.so.1.5 nginx 20535 root mem REG 253,1 62720 158030 /usr/lib64/libkrb5support.so.0.1 nginx 20535 root mem REG 253,1 202576 137049 /usr/lib64/libk5crypto.so.3.1 nginx 20535 root mem REG 253,1 15840 133029 /usr/lib64/libcom_err.so.2.1 nginx 20535 root mem REG 253,1 950496 137059 /usr/lib64/libkrb5.so.3.3 nginx 20535 root mem REG 253,1 316528 151679 /usr/lib64/libgssapi_krb5.so.2.2 nginx 20535 root mem REG 253,1 11376 151527 /usr/lib64/libfreebl3.so nginx 20535 root mem REG 253,1 2112384 132823 /usr/lib64/libc-2.17.so nginx 20535 root mem REG 253,1 90632 133017 /usr/lib64/libz.so.1.2.7 nginx 20535 root mem REG 253,1 2016880 132882 /usr/lib64/libcrypto.so.1.0.1e nginx 20535 root mem REG 253,1 449904 137215 /usr/lib64/libssl.so.1.0.1e nginx 20535 root mem REG 253,1 398264 160788 /usr/lib64/libpcre.so.1.2.0 nginx 20535 root mem REG 253,1 40816 151198 /usr/lib64/libcrypt-2.17.so nginx 20535 root mem REG 253,1 142304 132849 /usr/lib64/libpthread-2.17.so nginx 20535 root mem REG 253,1 19520 162101 /usr/lib64/libdl-2.17.so nginx 20535 root mem REG 253,1 164440 132816 /usr/lib64/ld-2.17.so nginx 20535 root DEL REG 0,4 686393042 /dev/zero nginx 20535 root 0u CHR 1,3 0t0 1028 /dev/null nginx 20535 root 1u CHR 1,3 0t0 1028 /dev/null
排除1,4,显示2,3,5
[root@netkiller neo]# lsof -p ^1,2,3,^4,5 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME kthreadd 2 root cwd DIR 253,1 4096 2 / kthreadd 2 root rtd DIR 253,1 4096 2 / kthreadd 2 root txt unknown /proc/2/exe ksoftirqd 3 root cwd DIR 253,1 4096 2 / ksoftirqd 3 root rtd DIR 253,1 4096 2 / ksoftirqd 3 root txt unknown /proc/3/exe kworker/0 5 root cwd DIR 253,1 4096 2 / kworker/0 5 root rtd DIR 253,1 4096 2 / kworker/0 5 root txt unknown /proc/5/exe
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
