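1. What is lsof?
On Unix and Linux, lsof lets you see which files have been opened by the processes running on the system.
Because Unix-like operating systems manage everything as files, it can also show sockets and ports.
2. lsof options and usage
Running lsof --help prints the options and usage shown below.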
usage: [ -?abChlnNOPRstUvVX ] [ -A A ] [ -c c ] [ +c c ] [ +|-d d ] [ +|-D D ] [ +|-f [cfgGn] ]
[ -F [f] ] [ -g [s] ] [ -i [i] ] [ -k k ] [ +|-L [l] ] [ +|-m m ] [ +|-M ] [ -o [o] ] [ -p s ] [ +|-r [t] ]
[ -S [t] ] [ -T [t] ] [ -u s ] [ +|-w ] [ -x [fl] ] [ -z [z] ] [ -Z [Z] ] [ -- ] [names]
lsof options
-?, -h list help
-a AND selections (OR)
-d s select by FD set
-D D ?|i|b|r|u[path]
+|-f -files +filesys
-l list UID numbers
-n no host names
-N select NFS files
-s list file size
-t terse listing
-T disable TCP/TPI info
-v display version info
-V verbose search
-F [f] select fields;-F? for help
-o o o 0t offset digits (8)
-S [t] t second stat timeout(15)
-i i select by IPv4 address: [proto][@host|addr][:svc_list|port_list]
+|-r [t] repeat every t seconds (15);
+ until no files, - forever
-b avoid kernel blocks
-c c list command c
-P no port names
-i select IPv4 files
-p s select by PID set
-C no kernel name cache
+|-w Warnings (+)
-R list paRent PID
-k k kernelsymbols (/dev/ksyms)
-U select Unix socket
-u s exclude(^)/select login/UID s
-m m kernel memory (/dev/kmem)
+|-M portMap registration (-)
-- end option scan
-g [s] select by process group ID set and print process group IDs
names select named files or files on named file systems
3. How to use lsof
# lsof /var/log/messages
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
rsyslogd 17648 root 1w REG 202,6 1263 1229982 /var/log/messages
Check which processes are accessing a specific directory
# lsof /var
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dhclient 1149 root 3w REG 202,6 1525 491525 /var/lib/dhclient/dhclient-eth0.leases
rpc.statd 1238 rpcuser cwd DIR 202,6 4096 491594 /var/lib/nfs/statd
rpc.statd 1238 rpcuser 5w REG 202,6 5 1269788 /var/run/rpc.statd.pid
hald 1358 haldaemon mem REG 202,6 325120 1294337 /var/cache/hald/fdi-cache
automount 1424 root 9u FIFO 202,6 0t0 1269796 /var/run/autofs.fifo-misc
automount 1424 root 15u FIFO 202,6 0t0 1269797 /var/run/autofs.fifo-net
rpc.mount 1470 root cwd DIR 202,6 4096 491590 /var/lib/nfs
rpc.mount 1470 root 6r REG 202,6 294 491859 /var/lib/nfs/etab
httpd 1530 root 2w REG 202,6 245 1236995 /var/log/httpd/error_log
httpd 1530 root 7w REG 202,6 110412 1236994 /var/log/httpd/access_log
crond 1546 root 3u REG 202,6 5 1269802 /var/run/crond.pid
httpd 14221 apache 2w REG 202,6 245 1236995 /var/log/httpd/error_log
httpd 14221 apache 7w REG 202,6 110412 1236994 /var/log/httpd/access_log
httpd 14222 apache 2w REG 202,6 245 1236995 /var/log/httpd/error_log
httpd 14222 apache 7w REG 202,6 110412 1236994 /var/log/httpd/access_log
httpd 14223 apache 2w REG 202,6 245 1236995 /var/log/httpd/error_log
httpd 14223 apache 7w REG 202,6 110412 1236994 /var/log/httpd/access_log
httpd 14224 apache 2w REG 202,6 245 1236995 /var/log/httpd/error_log
httpd 14224 apache 7w REG 202,6 110412 1236994 /var/log/httpd/access_log
httpd 14225 apache 2w REG 202,6 245 1236995 /var/log/httpd/error_log
httpd 14225 apache 7w REG 202,6 110412 1236994 /var/log/httpd/access_log
httpd 14226 apache 2w REG 202,6 245 1236995 /var/log/httpd/error_log
httpd 14226 apache 7w REG 202,6 110412 1236994 /var/log/httpd/access_log
httpd 14228 apache 2w REG 202,6 245 1236995 /var/log/httpd/error_log
httpd 14228 apache 7w REG 202,6 110412 1236994 /var/log/httpd/access_log
httpd 14229 apache 2w REG 202,6 245 1236995 /var/log/httpd/error_log
httpd 14229 apache 7w REG 202,6 110412 1236994 /var/log/httpd/access_log
rsyslogd 17648 root 1w REG 202,6 1263 1228892 /var/log/messages
rsyslogd 17648 root 2w REG 202,6 4024612 1228854 /var/log/cron
rsyslogd 17648 root 4w REG 202,6 46463 1228894 /var/log/secure
rsyslogd 17648 root 5w REG 202,6 22173 1228880 /var/log/maillog
Check which files a specific process is accessing
# lsof -p 17648
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 17648 root cwd DIR 202,3 4096 2 /
rsyslogd 17648 root rtd DIR 202,3 4096 2 /
rsyslogd 17648 root txt REG 202,3 391968 1171619 /sbin/rsyslogd
rsyslogd 17648 root mem REG 202,3 156872 32775 /lib64/ld-2.12.so
rsyslogd 17648 root DEL REG 202,3 32862 /lib64/libz.so.1.2.3
rsyslogd 17648 root mem REG 202,3 145720 32836 /lib64/libpthread-2.12.so
rsyslogd 17648 root mem REG 202,3 22536 32843 /lib64/libdl-2.12.so
rsyslogd 17648 root mem REG 202,3 47064 32847 /lib64/librt-2.12.so
rsyslogd 17648 root mem REG 202,3 93224 32839 /lib64/libgcc_s-4.4.7-20120601.so.1
rsyslogd 17648 root mem REG 202,3 1922152 32820 /lib64/libc-2.12.so
rsyslogd 17648 root mem REG 202,3 26984 33148 /lib64/rsyslog/lmnet.so
rsyslogd 17648 root mem REG 202,3 65928 32797 /lib64/libnss_files-2.12.so
rsyslogd 17648 root mem REG 202,3 340568 33147 /lib64/rsyslog/imuxsock.so
rsyslogd 17648 root mem REG 202,3 27232 33141 /lib64/rsyslog/imklog.so
rsyslogd 17648 root 0u unix 0xffff8804f2b2c080 0t0 6617655 /dev/log
rsyslogd 17648 root 1w REG 202,6 1263 1228892 /var/log/messages
rsyslogd 17648 root 2w REG 202,6 4026633 1228854 /var/log/cron
rsyslogd 17648 root 3r REG 0,3 0 4026532299 /proc/kmsg
rsyslogd 17648 root 4w REG 202,6 46463 1228894 /var/log/secure
rsyslogd 17648 root 5w REG 202,6 22173 1228880 /var/log/maillog
Check which processes are using a specific port
# lsof -i TCP:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 2038 root 3u IPv4 335060822 0t0 TCP *:ssh (LISTEN)
sshd 2038 root 4u IPv6 335060824 0t0 TCP *:ssh (LISTEN)
sshd 11173 root 3u IPv4 651519037 0t0 TCP c-apm-pk1-a01.csdfcloud.internal:ssh->10.222.111.2:60892 (ESTABLISHED)
sshd 11228 82022303 3u IPv4 651519037 0t0 TCP c-apm-pk1-a01.csdfcloud.internal:ssh->10.222.111.2:60892 (ESTABLISHED)
sshd 19482 root 3u IPv4 650944484 0t0 TCP c-apm-pk1-a01.csdfcloud.internal:ssh->10.222.111.2:56506 (ESTABLISHED)
sshd 19484 82022303 3u IPv4 650944484 0t0 TCP c-apm-pk1-a01.csdfcloud.internal:ssh->10.222.111.2:56506 (ESTABLISHED)
Check which files a specific daemon is using
# lsof -c httpd
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 1530 root cwd DIR 202,3 4096 2 /
httpd 1530 root rtd DIR 202,3 4096 2 /
httpd 1530 root txt REG 202,5 354816 688396 /usr/sbin/httpd
httpd 1530 root mem REG 202,5 9488 213039 /usr/lib64/apr-util-1/apr_ldap-1.so
httpd 1530 root mem REG 202,3 65928 32797 /lib64/libnss_files-2.12.so
httpd 1530 root mem REG 202,5 10416 213157 /usr/lib64/httpd/modules/mod_version.so
httpd 1530 root mem REG 202,5 27312 213063 /usr/lib64/httpd/modules/mod_cgi.so
httpd 1530 root mem REG 202,5 22992 213130 /usr/lib64/httpd/modules/mod_disk_cache.so
httpd 1530 root mem REG 202,5 10384 213154 /usr/lib64/httpd/modules/mod_suexec.so
httpd 1530 root mem REG 202,5 39664 213124 /usr/lib64/httpd/modules/mod_cache.so
httpd 1530 root mem REG 202,5 14648 213146 /usr/lib64/httpd/modules/mod_proxy_connect.so
httpd 1530 root mem REG 202,5 39632 213144 /usr/lib64/httpd/modules/mod_proxy_ajp.so
httpd 1530 root mem REG 202,5 31472 213148 /usr/lib64/httpd/modules/mod_proxy_http.so
httpd 1530 root mem REG 202,5 35600 213147 /usr/lib64/httpd/modules/mod_proxy_ftp.so
httpd 1530 root mem REG 202,5 27160 213145 /usr/lib64/httpd/modules/mod_proxy_balancer.so
httpd 1530 root mem REG 202,5 85328 213143 /usr/lib64/httpd/modules/mod_proxy.so
httpd 1530 root mem REG 202,5 60464 213095 /usr/lib64/httpd/modules/mod_rewrite.so
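4. If, while operating a system, you try to start a daemon (JBoss, for example) and get a message saying it cannot start because its port (5440) is already in use by another process, you can resolve it using lsof.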
(* lsof -i TCP:5440 )
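The port-conflict check from section 4 in script form, using the -F field output listed in the options above. This is an added example, not part of the original post; the function names, PIDs, users and addresses in the sample are constructed, and it assumes lsof's -F field letters p, c, L, f, n and T (TST= carries the TCP state).

```shell
#!/bin/sh
# Added example: find which process is LISTENing on a TCP port by parsing
# `lsof -F` field output (one field per line, first character = field id).

# listeners_on_port PORT
# Reads `lsof -nP -iTCP -F pcLnT` output on stdin and prints
# "PID COMMAND USER LOCAL_ADDRESS" for every socket listening on PORT.
listeners_on_port() {
    awk -v port="$1" '
    function emit() {
        # Match only the local side (text before "->") of a LISTEN socket,
        # so a client connected *to* that port elsewhere is not reported.
        if (name != "" && state == "LISTEN") {
            local_side = name
            sub(/->.*/, "", local_side)
            n = split(local_side, parts, ":")
            if (parts[n] == port) print pid, cmd, user, local_side
        }
        name = ""; state = ""
    }
    /^p/    { emit(); pid = substr($0, 2); cmd = ""; user = "" }
    /^c/    { cmd  = substr($0, 2) }
    /^L/    { user = substr($0, 2) }
    /^f/    { emit() }                 # a new file set starts here
    /^n/    { name = substr($0, 2) }
    /^TST=/ { state = substr($0, 5) }
    END     { emit() }
    '
}

# Constructed sample in -F format: sshd on 22, a java (JBoss) listener on
# 5440 with one accepted connection, and a client talking to a remote 5440.
sample_lsof_output() {
    printf '%s\n' p2038 csshd Lroot f3 'n*:22' TST=LISTEN \
        p4242 cjava Ljboss f57 'n*:5440' TST=LISTEN \
        f61 'n10.0.0.5:5440->10.0.0.9:51234' TST=ESTABLISHED \
        p5151 ccurl Lapp f5 'n10.0.0.5:40022->10.0.0.7:5440' TST=ESTABLISHED
}

# Offline demo; on a live host run as root so other users' sockets are visible:
#   lsof -nP -iTCP:5440 -F pcLnT | listeners_on_port 5440
sample_lsof_output | listeners_on_port 5440
```

The -n and -P options keep lsof from resolving host and port names, so the output shows numeric addresses and the command does not wait on DNS.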
Written by 허시영