lsof output present deleted file names with ; and some string - linux

I'm trying to understand the output of my lsof command, more specifically, several deleted files with ";58a07f8b" after their name.
This is happening to more processes like bash or ssh.
I'm using lsof version 4.87, on CentOS Linux release 7.3.1611
Thanks in advance!

Related

RHEL Linux: Discover what processes are using a specific disk

I need to discover what processes are using a specific disk. This is a multipath disk but I cannot find a way of setting up a way to record to a log file what processes are running when a particular disk is being read or written to. I know the major:minor block IDs using lsblk then lsof but these only show current activity and as there currently is none, I cannot find out the process that uses this disk.
Any ideas anyone?
You can use lsof. Lsof revision lists on its standard output file information about files opened by processes. For example, the command below will list all files that are opened for writing:
lsof | grep -e "[[:digit:]]\+w" > mylogfile.log
You can redirect the command to a log file if you wish with the redirect operator >

Where does store pidfiles for filebeat and metricbeat in centos 7

I need to add monit checker for my filebeat/metricbeat process.
I want to check the process via pid file, but I can't find where the system stores these files in centos 7.
e.g. in my local ubuntu 14.04 it stores under this path /var/run/filebeat.pid, /var/run/metricbeat.pid.
I have tried to find the file in the whole system (find / -name filebeat.pid), but I couldn't.
If there is no way to check via pidfile, do I have another way to check the process state?
Any suggestion would be helpful, thanks in advance )
First get the process id using the name of the executable e.g. filebeat/metricbeat in your case.
Here's an example searching for the xinetd process
Search for your process using pgrep:
$ sudo pgrep xinetd
1180
1180 is the PID of the xinetd process. You can get its arguments like so:
$ cat /proc/1180/cmdline
/usr/sbin/xinetd-stayalive-pidfile/var/run/xinetd.pid
If this doesn't specify the pidfile as an argument, you can try lsof to list open files associated with the process id.
$ sudo lsof -p <Process ID>
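Added example, not part of the answer above: /proc/<pid>/cmdline separates arguments with NUL bytes, which is why cat prints them run together. The function names are hypothetical and the sample file is constructed to match the xinetd output shown.

```shell
#!/bin/sh
# cmdline_args FILE: print one argument per line from a /proc/<pid>/cmdline
# style file (arguments that themselves contain newlines are not handled).
cmdline_args() {
    tr '\0' '\n' < "$1"
}

# pidfile_from_cmdline FILE: print the pidfile path given as
# "-pidfile PATH", "--pidfile PATH" or "--pidfile=PATH"; return 1 if absent.
pidfile_from_cmdline() {
    cmdline_args "$1" | awk '
        want             { print; found = 1; exit }
        /^--?pidfile=/   { sub(/^--?pidfile=/, ""); print; found = 1; exit }
        /^--?pidfile$/   { want = 1 }
        END              { exit (found ? 0 : 1) }
    '
}

# Constructed sample standing in for /proc/1180/cmdline.
sample=$(mktemp)
printf '/usr/sbin/xinetd\0-stayalive\0-pidfile\0/var/run/xinetd.pid\0' > "$sample"
cmdline_args "$sample"
pidfile_from_cmdline "$sample"
rm -f "$sample"
```

On a live system, pass /proc/<Process ID>/cmdline as the file argument.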

ps command output on AIX, HPUX and Solaris

I am writing a portable shell script to get system process information, I need process id, command, pwdx (linux). On linux I am able to get this information as follows.. but it fails on all other unix flavours.
$ ps -awwwwwww -u <userid> -o pid,cmd|grep -i <filter_term> | egrep -v grep
$ pwdx <pid>
What should I use on AIX, HPUX and Solaris to get similar information, or is there any cross-platform command?
On Solaris I have tried /usr/ucb/ps but that support formatted output and lsof for pwdx equivalent but that also doesn't show what I need
On Solaris I have tried /usr/ucb/ps but that support formatted output:
What is wrong with formatted output ?
and lsof for pwdx equivalent but that also doesn't show what I need.
That doesn't make sense. pwdx is a Solaris native command and was even originally implemented on that OS.
Linux != Unix. And in the same hand, the commands are not always going to be the same, for instance GNU ps is not like Solaris ps or HP-UX ps etc. In some cases the vendor Unix flavors offer a "compatibility binary" like those stashed in /usr/ucb on Solaris. But ultimately you need to look at the man page for each version and review the output format options.
Edit. That is for in general all commands. Including grep, egrep etc.
To show the full command name, use this
ps -eo comm
This will show the command that was run. (ps is from /usr/bin on my Solaris system 5.11)

Inode of directory on mounted share changes despite no change in modification time

I am running Ubuntu 10.4 and am mounting a drive using cifs. The command I'm using is:
'sudo mount -t cifs -o workgroup="workgroup",username="username",noserverino,ro //"drive" "mount_dir"'
(Obviously with "" values substituted for actual values)
When I then run the command ls -i I get: 394070
Running it a second time I get: 12103522782806018
Is there any reason to expect the inode value to change?
Running ls -i --full-time shows no change in modification time.
noserverino tells your mount not to use server-generated inode numbers, and instead use client-generated temporary inode numbers, to make up for them. Try with serverino, if your server and the exported filesystem support inode numbers, they should be persistent.
I found that using the option "nounix" before the "noserverino" kept the inodes small and persistent. I'm not really sure why this happened. The server is AIX and I'm running it from Ubuntu. Thank you for your response.

How do I find out what process has a lock on a file in Linux?

Today I had the problem that I couldn't delete a folder because "it was busy".
How can I find out which application to blame for that or can I just delete it with brute force?
Use lsof to find out what has what files open.
man lsof or have a look here
The fuser Unix command will give you the PIDs of the processes accessing a file.
lslocks lists information about all the currently held file locks in a Linux system (part of util-linux). This utility has support for JSON output, which is nice for scripts.
~$ sudo lslocks
COMMAND PID TYPE SIZE MODE M START END PATH
cron 873 FLOCK 4B WRITE 0 0 0 /run/crond.pid
..
..
fuser will show you which processes are accessing a file or directory.
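Added example, not from any of the answers above: on Linux, the open-file information that lsof and fuser report is exposed as per-process links under /proc, and this sketch walks those links directly, including the working directory that often keeps a folder "busy". The function name holders, its optional proc-root parameter and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# holders TARGET [PROC_ROOT]: print "PID FD LINK" for each process that has
# TARGET open, has a file beneath TARGET open, or uses it as working directory.
# The kernel appends " (deleted)" to the link of an unlinked-but-open file.
# PROC_ROOT (hypothetical parameter) defaults to /proc.
holders() {
    target=$1
    proc=${2:-/proc}
    for fd in "$proc"/[0-9]*/fd/* "$proc"/[0-9]*/cwd; do
        [ -L "$fd" ] || continue
        link=$(readlink "$fd" 2>/dev/null) || continue   # gone or not permitted
        case $link in
            "$target"|"$target (deleted)"|"$target"/*)
                pid=${fd#"$proc"/}
                echo "${pid%%/*} ${fd##*/} $link" ;;
        esac
    done
}

# Constructed stand-in for /proc so the example runs without privileges.
demo=$(mktemp -d)
mkdir -p "$demo/101/fd" "$demo/202/fd"
ln -s /srv/data/app.log "$demo/101/fd/3"
ln -s "/srv/data/old.log (deleted)" "$demo/202/fd/4"
ln -s /srv/data "$demo/202/cwd"
holders /srv/data "$demo"
rm -rf "$demo"
```

Against the real /proc, run it as root to see descriptors of processes owned by other users.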
