How to use the "lsof" command

Problem:
You have a service that cannot bind to a port, and the only message in the log files is 'port already in use'. Or you need to find out exactly which processes are currently active on your server and which files they are touching.

Solution:
Use the "lsof" command. lsof stands for LiSt Open Files. lsof can save you a lot of time and hassle if you are just checking on the status of your machine, but more importantly can give you valuable information and point you in the right direction when troubleshooting what exactly your machine is up to. Most are familiar with the command 'netstat' which provides a wealth of information about your network sockets. But the name implies exactly what it is good at: revealing information about your network sockets.
lsof takes it a notch further. Linux treats almost everything as a file: sockets, devices, directories, etc. can all be viewed as files. When a process or application interacts with these files it has to "open" them. Using this command you can see what your system is up to. The man page (# man lsof) is a great place to start exploring the current goings-on of your box. Some examples are included below to show the power and wealth of information from this little lister.
It's a great tool for administrators.

Example:
Show all open TCP files - Will return what service is running, who is running it, the process ID and the connections on all TCP ports:
# lsof -i TCP

Show open TCP files on port 80 -
# lsof -i TCP:80

returns --> httpd2-wo 7010 wwwrun 3u IPv6 14787 TCP *:http (LISTEN)

Show open LDAP connections on TCP (port 636, ldaps) -
# lsof -i TCP:636

Want to know what files are open by a particular command? Substitute your command after the -c. You can abbreviate it: lsof matches commands whose names begin with the string you give -
# lsof -c mysq

returns -->
mysqld 991 admin cwd DIR 8,3 240 148743 /home/admin/novell/idm/mysql/data
mysqld 991 admin rtd DIR 8,3 536 2 /
mysqld 991 admin txt REG 8,3 5464060 148691 /home/admin/novell/idm/mysql/bin/mysqld
mysqld 991 admin 0r CHR 1,3 41715 /dev/null
mysqld 991 admin 1w REG 8,3 1250 149954 /home/admin/novell/idm/mysql/mysql.log
mysqld 991 admin 2w REG 8,3 1250 149954 /home/admin/novell/idm/mysql/mysql.log
mysqld 991 admin 3u IPv4 86990 TCP *:63306 (LISTEN)...

Want to know what files are open on a particular device?
# lsof /dev/cdrom

returns --> bash 30904 admin cwd DIR 3,0 2048 63692 /media/cdrecorder/linux/user_application_provisioning

You can change TCP to UDP and narrow down your requests to very specific items you want to target (e.g. is there an established connection from xyz.somesite.com?).
# lsof -i TCP@192.168.0.2:636 (lists LDAP connections to my server)

returns -->
java 890 root 18u IPv6 8365030 TCP myserver.somecompany.com:42936->myserver.somecompany.com:ldaps (ESTABLISHED)
ndsd 6520 root 262u IPv4 8390927 TCP myserver.somecompany.com:ldaps->myserver.somecompany.com:43123 (ESTABLISHED)

List all open files belonging to PID (process ID) 11925:
# lsof -p 11925

List all open files belonging to processes owned by the user named "al":
# lsof -u al

List files open in the directory specified, but don't descend into sub-directories:
# lsof +d '/Users/al'

The next command lists files that are open in the directory specified, and also descends into sub-directories. Beware: this can take a very long time to run for large directory structures:
# lsof +D '/Users/al'
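
The 'port already in use' check from the Problem section can be scripted. The following is an added example, not part of the original post: shell functions that turn `lsof -i` output into one line per listening port and look up the owner of a given port. The function names and the sample lines are constructed for illustration, and the live command in the last comment assumes an lsof that supports -n, -P and -s.

```shell
# Added example: summarise TCP listeners from `lsof -i` output read on stdin.
# Prints "port user command pid", one line per listening port/PID pair.
# Fields are counted from the END of each line, because older lsof builds
# (like the one quoted on this page) omit the SIZE/OFF column.
listeners() {
    awk '
        $NF == "(LISTEN)" {
            port = $(NF-1)                 # NAME column, e.g. *:80 or [::]:22
            sub(/.*:/, "", port)           # keep the text after the last colon
            key = port SUBSEP $2
            if (key in seen) next          # IPv4 + IPv6 sockets of one process
            seen[key] = 1
            print port, $3, $1, $2
        }' | sort -n
}

# Who owns a given port? Prints the matching line(s); returns 1 if nothing listens.
port_owner() {
    want=$1
    listeners | awk -v p="$want" '$1 == p { print; found = 1 } END { exit !found }'
}

# Constructed sample in the layout of `lsof -nP -i TCP` (not from a real host).
# The sshd line deliberately lacks SIZE/OFF to exercise the older layout.
sample_lsof() {
    cat <<'EOF'
COMMAND    PID   USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd2-wo 7010 wwwrun   3u  IPv6  14787      0t0  TCP *:80 (LISTEN)
httpd2-wo 7010 wwwrun   4u  IPv4  14788      0t0  TCP *:80 (LISTEN)
mysqld     991  admin   3u  IPv4  86990      0t0  TCP *:63306 (LISTEN)
ndsd      6520   root 262u  IPv4 8390927     0t0  TCP 192.168.0.2:636->192.168.0.2:43123 (ESTABLISHED)
ndsd      6520   root  12u  IPv4 8390001     0t0  TCP 192.168.0.2:636 (LISTEN)
sshd      1201   root   3u  IPv6  20011           TCP [::]:22 (LISTEN)
EOF
}

# Live use: lsof -nP -iTCP -sTCP:LISTEN | listeners
sample_lsof | listeners
```

Running the listing on a schedule and diffing it against a saved copy is a simple way to notice a new listener, or a listener that has started running as root.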
