I'm writing Linux shell script (sh, bash or csh) to identify which syslog daemon is running.
What is the best way to do it?
Since I only consider RHEL and rpm based destribution, Debian and its derivatives can be ignored.
To the best of my knowledge, syslog-ng and rsyslog (the default) are the only ones available on RHEL. You could either probe the process space, see which process currently holds /var/log/syslog open or simply check which syslog daemon is installed (though, it's possible to have them both installed at the same time).
$ lsof /var/log/messages /var/log/syslog 2>&1 | grep syslog
$ rpm -q rsyslog syslog-ng
$ pgrep -u root syslog | xargs ps -p
One could parse the output of lsof to see which processes have the file /var/log/syslog open, a very crude example would be:
sudo lsof | grep /var/log/syslog | cut -f1 -d' '
If you are using a single distribution there may be more elegant ways of checking.
On a debian-based system, run the following script to see what's installed:
dpkg-query -l '*syslog*' | grep ii
This will give you output similar to the following
ii rsyslog 7.4.4-1ubuntu2.3 i386 reliable system and kernel logging daemon
That way you don't have to grep files etc. Hope it helps you out.
Related
I am trying to locate a file used by a binary file during its execution. Using strace helps but its way too convoluted, macroed with grep is good enough, but does there exist an utility which can help me dump only files used by a binary?
you can try using:
lsof -p PID of the running process
lsof -c ssh would show all files opened by processes starting with the letter
Or try ltrace or maybe fuser
I've seen strace be used with some complex grep piping.. but it all depends on what exactly the end goal is.
You can also utilize the -e options in strace to filter, example is:
sudo strace -t -e trace=open,close,read,getdents,write,connect,accept whoami >/dev/null
and grep from there..
I have a problem where my Java application opens too many files. Debugging this issue, I am dependent on using lsof.
However running lsof this way takes too much time (more than one minutt):
lsof |grep "java"
I should be able to run it using the -p option, however it "lies". It shows too few lines.
lsof -p <PID of the java process>
This is my proof :
lsof |grep java | wc -l
1510146
lsof -p 802 | wc -l
4735
The same happens if I use the -u option limiting to username (process owner).
My system is :
Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07) x86_64 GNU/Linux
Am I missing something ? Is there an alternative to using lsof ?
lsof is not lying.
The output of the command:
lsof |grep java | wc -l
may contain results of files or processes opened by other programs.
The result you are searching for is the result of the command:
lsof -p <PID> | wc -l
You can increase the limit of opened files for the user running your java application adding this line in /etc/security/limits.conf:
<USER> hard nofile 65536
you can check the current user's limits by typing:
su - <USER>
ulimit -a
lsof without parameter lists all open files, including files which are not using file descriptors – such as current working directories, memory mapped library files, and executable text files.
lsof -p <PID> lists open file descriptors. A file descriptor is a data structure used by a program to get a handle on a file, the most well know being 0,1,2 for standard in, standard out, and standard error.
See: https://www.netadmintools.com/art295.html
Based on my observation, it seems that
lsof | grep <pid> | wc -l
will give duplicate count, because every thread in the specified process will add a line, e.g. if your process have 8 threads, the result will be more than 8x the actual file count.
On the other hand,
lsof -p <PID> | wc -l
produce more exact result, because each file is counted (printed) only once.
Although I have not found official reference for this issue yet.
I'm working on MINI2440 and building a custom OS for it using buildroot, but for testing purpose I'm using OS downloaded from official website.
So the problem is, I'm using usbpush to push OS images in MINI2440 through USB, but it popups the message when I enter below commond
sudo ./usbpush supervivi-128M 0x30008000
Unable to claim usb interface 1 of device: could not claim interface 0: Device or resource busy
I don't understand one concept that, whenever I assign executable permission to usbpush, it runs automatically in background. It's clearly seen below
ps -ef | grep usb*
silicod+ 2431 2207 0 10:25 pts/10 00:00:00 grep --color=auto usbpush
I tried to kill using
sudo kill -9 2431
But it creates new pid and again run itsellf in background. I tried googling but nothing works for me.
=============================================================
Well, I got my solution. I don't know what is the problem with my usbpush tool, but I downloaded another tool and it works very well. Here is the link to that tool , may it help someone
Friendly_ARM_Mini2440_USBPUSH
Cheers....!
lovely ;-)
well I guess it is actually not running..
ps -ef will give you details about all running processes
grep usb* - (loose the *) will find any lines containing usb
the way unix/linux does it is that grep gets started first and then the "|" connects output of ps -ef to grep's input
so what you are finding is the grep command itself
what you want is ps -ef | grep -v grep | grep usb - this will work unless your "usb" command is something like grepusb or usbgrep or the line contains grep..
I tried to remove a file in Linux using rm -rf file_name, but got the error:
rm: file_name not removed. Text file busy
How can I find out which process is using this file?
You can use the fuser command, which is part of the psmisc package, like:
fuser file_name
You will receive a list of processes using the file.
You can use different flags with it, in order to receive a more detailed output.
You can find more info in the fuser's Wikipedia article, or in the man pages.
#jim's answer is correct -- fuser is what you want.
Additionally (or alternately), you can use lsof to get more information including the username, in case you need permission (without having to run an additional command) to kill the process. (THough of course, if killing the process is what you want, fuser can do that with its -k option. You can have fuser use other signals with the -s option -- check the man page for details.)
For example, with a tail -F /etc/passwd running in one window:
ghoti#pc:~$ lsof | grep passwd
tail 12470 ghoti 3r REG 251,0 2037 51515911 /etc/passwd
Note that you can also use lsof to find out what processes are using particular sockets. An excellent tool to have in your arsenal.
For users without fuser :
Although we can use lsof, there is another way i.e., we can query the /proc filesystem itself which lists all open files by all process.
# ls -l /proc/*/fd/* | grep filename
Sample output below:
l-wx------. 1 root root 64 Aug 15 02:56 /proc/5026/fd/4 -> /var/log/filename.log
From the output, one can use the process id in utility like ps to find program name
$ lsof | tree MyFold
As shown in the image attached:
I am writing a portable shell script to get system process information, I need process id, command, pwdx (linux). On linux I am able to get this information as follows.. but it fails on all other unix flavours.
$ ps -awwwwwww -u <userid> -o pid,cmd|grep -i <filter_term> | egrep -v grep
$ pwdx <pid>
what I should use on AIX, HPUX and Solaris to get the similar information, or there any cross platform command
On Solaris I have tried /usr/ucb/ps but that support formatted output and lsof for pwdx equivalent but that also doesn't show what I need
On Solaris I have tried /usr/ucb/ps but that support formatted output:
What is wrong with formatted output ?
and lsof for pwdx equivalent but that also doesn't show what I need.
That doesn't make sense. pwdx is a Solaris native command and was even originally implemented on that OS.
Linux != Unix. And in the same hand, the commands are not always going to be the same, for instance GNU ps is not like Solaris ps or HP-UX ps etc. In some cases the Vendor Unix flavors offer a "compatibility binary" like those stashed in /usr/ucb on solaris. But ultimately you need to look at the man page for each version and review the output format options.
Edit. That is for in general all commands. Including grep, egrep etc.
To show the full command name, use this
ps -eo comm
This will show the command that was run. (ps is from /usr/bin on my Solaris system 5.11)