标题:[实践OK]ps -eo 自定义查看进程组之pid ppid 虚拟内存vsz和实际物理内存rss和命令行cmd的输出方法。lsof -nPp pid查看程序的IP和端口连接情况。stress-ng,并能用lsof -nPp 查看cwd的dir目录位置以方便目录定位,lsof -d 5|grep 2654实现反debug程序PID里的fd对应的tcp连接句柄。ls /proc/57700/cwd/,删目录前看是否有进程打开了目录里的文件之lsof命令。 出处:向东博客 专注WEB应用 构架之美 --- 构架之美,在于尽态极妍 | 应用之美,在于药到病除 时间:Wed, 26 Sep 2018 23:31:15 +0000 作者:jackxiang 地址:http://jackxiang.com/post/9908/ 内容: sudo fstat -p 42477 | grep my.cnf 打开后关掉了,无法找到。 cat /usr/local/etc/rc.d/mysql-server |grep my.cnf # ${mysql_confdir}/my.cnf if it exists. if [ -f "${mysql_confdir}/my.cnf" ]; then : ${mysql_optfile="${mysql_confdir}/my.cnf"} elif [ -f "${mysql_dbdir}/my.cnf" ]; then : ${mysql_optfile="${mysql_dbdir}/my.cnf"} sh -x /usr/local/etc/rc.d/mysql-server start //于是直接-x找my.cnf + : /usr/local/etc/mysql + [ -f /usr/local/etc/mysql/my.cnf ] + [ -f /var/db/mysql/my.cnf ] ls /etc/mysql/my.cnf /etc/my.cnf /usr/local/mysql/my.cnf /usr/local/etc/my.cnf /usr/local/etc/mysql/my.cnf /var/db/mysql/my.cnf ps -eo pid,ppid,pgrp,session,comm --forest|less # Linux上使用,Macbook: brew install pstree ,用pstree ps -eo pid,ppid,pgrp,session,comm|grep -E '(Google\ Chrome|chrome)' 一)基础命令:删目录前看是否有进程打开了目录里的文件之lsof命令。 lsof -c abc 显示abc进程现在打开的文件 lsof -p 列出进程号为1234的进程所打开的文件 lsof -c java #实践成功 lsof -p 51640 #实践成功 lsof -g gid 显示归属gid的进程情况 lsof -g 0|grep zcms-0103 lsof app-2020-08-05.log #lsof abc.txt 显示开启文件abc.txt的进程 lsof -d 4 #lsof -d 4 显示使用fd为4的进程,每个进程PID里都是从0,1,2,3,4开始的,出来的有4的所有进程列表。 lsof abc.txt 显示开启文件abc.txt的进程 来自:https://blog.csdn.net/weixin_34019929/article/details/92364579 二)常用想删目录时查看进程是否打开并在访问: lsof +d /usr/local/ 显示目录下被进程开启的文件 lsof +D /usr/local/ 同上,但是会搜索目录下的目录,时间较长 lsof +d /data/www/zcms3x/zcms-0103 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME oosplash 49169 root cwd DIR 253,17 4096 5245406 /data/www/zcms3x/zcms-0103 soffice.b 49188 root cwd DIR 253,17 4096 5245406 /data/www/zcms3x/zcms-0103 lsof +D /data/www/zcms3x/zcms-0103 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME oosplash 49169 root cwd DIR 253,17 4096 5245406 /data/www/zcms3x/zcms-0103 soffice.b 49188 root cwd DIR 253,17 4096 5245406 /data/www/zcms3x/zcms-0103 kubectl exec stress-pod -- ps -o "rss,vsz,comm"|grep -v VSZ 2576 6256 stress-ng 3628 6900 stress-ng-cpu 64 6256 stress-ng-vm 135m 262m stress-ng-vm 4 1504 ps rss: 物理 vsz: 虚拟 VSS - Virtual Set Size 虚拟耗用内存(包含共享库占用的内存) RSS - Resident Set Size 实际使用物理内存(包含共享库占用的内存) 背景:在多进程时,用那个叫物理内存、虚拟内存的,怎么看?https://blog.csdn.net/i_am_jojo/article/details/7862362 ps -eo 'pid,ppid,vsz,rss,cmd'|grep -E '(redis\-server|malloc)' 781 1 141192 10700 /usr/local/redis/bin/redis-server 10.44.202.1**:6379 ps -eo pid,ppid,gid,sid,tty,cmd --forest|less -e Select all processes. Identical to -A. -o format User-defined format. format is a single argument in the form of a blank-separated or comma-separated list, which offers a way to specify individual output columns. The recognized keywords are described in the STANDARD FORMAT SPECIFIERS section below. Headers may be renamed (ps -o pid,ruser=RealUser -o comm=Command) as desired. If all column headers are empty (ps -o pid= -o comm=) then the header line will not be output. Column width will increase as needed for wide headers; this may be used to widen up columns such as WCHAN (ps -o pid,wchan=WIDE-WCHAN-COLUMN -o comm). Explicit width control (ps opid, wchan:42,cmd) is offered too. The behavior of ps -o pid=X,comm=Y varies with personality; output may be one column named "X,comm=Y" or two columns named "X" and "Y". Use multiple -o options when in doubt. Use the PS_FORMAT environment variable to specify a default as desired; DefSysV and DefBSD are macros that may be used to choose the default UNIX or BSD columns. -C cmdlist Select by command name. This selects the processes whose executable name is given in cmdlist. --forest ASCII art process tree. #ps -eo 'pid,ppid,gid,sid,tty,cmd' |grep Easy 26721 62388 0 62388 pts/4 EasySwoole 26722 26721 0 62388 pts/4 EasySwoole 26744 26722 0 62388 pts/4 EasySwoole.Crontab 31311 26722 0 62388 pts/4 EasySwoole.Worker.0 31312 26722 0 62388 pts/4 EasySwoole.Worker.1 31313 26722 0 62388 pts/4 EasySwoole.Worker.2 31314 26722 0 62388 pts/4 EasySwoole.Worker.3 31315 26722 0 62388 pts/4 EasySwoole.Worker.4 31316 26722 0 62388 pts/4 EasySwoole.Worker.5 31317 26722 0 62388 pts/4 EasySwoole.Worker.6 31318 26722 0 62388 pts/4 EasySwoole.Worker.7 31319 26722 0 62388 pts/4 EasySwoole.TaskWorker.8 31320 26722 0 62388 pts/4 EasySwoole.TaskWorker.9 31321 26722 0 62388 pts/4 EasySwoole.TaskWorker.10 31322 26722 0 62388 pts/4 EasySwoole.TaskWorker.11 31323 26722 0 62388 pts/4 EasySwoole.TaskWorker.12 31324 26722 0 62388 pts/4 EasySwoole.TaskWorker.13 31325 26722 0 62388 pts/4 EasySwoole.TaskWorker.14 31326 26722 0 62388 pts/4 EasySwoole.TaskWorker.15 对Crontab进行查看: lsof -nPp 26744|grep swoole.log php 26744 root 11u REG 253,0 39874179 100744037 /data/logs/php/swoole.lo #lsof -nPp 26721 |grep LISTEN php 26721 root 3u IPv4 763966 0t0 TCP *:8080 (LISTEN) php 26721 root 10u IPv4 762762 0t0 TCP 127.0.0.1:9000 (LISTEN) 26721 62388 0 62388 pts/4 \_ EasySwoole 26722 26721 0 62388 pts/4 \_ EasySwoole 26742 26722 0 62388 pts/4 \_ HotReload 26743 26722 0 62388 pts/4 \_ KafkaAddFormId 26744 26722 0 62388 pts/4 \_ EasySwoole.Crontab 31311 26722 0 62388 pts/4 \_ EasySwoole.Worker.0 31312 26722 0 62388 pts/4 \_ EasySwoole.Worker.1 31313 26722 0 62388 pts/4 \_ EasySwoole.Worker.2 31314 26722 0 62388 pts/4 \_ EasySwoole.Worker.3 31315 26722 0 62388 pts/4 \_ EasySwoole.Worker.4 31316 26722 0 62388 pts/4 \_ EasySwoole.Worker.5 31317 26722 0 62388 pts/4 \_ EasySwoole.Worker.6 31318 26722 0 62388 pts/4 \_ EasySwoole.Worker.7 31319 26722 0 62388 pts/4 \_ EasySwoole.TaskWorker.8 31320 26722 0 62388 pts/4 \_ EasySwoole.TaskWorker.9 31321 26722 0 62388 pts/4 \_ EasySwoole.TaskWorker.10 31322 26722 0 62388 pts/4 \_ EasySwoole.TaskWorker.11 31323 26722 0 62388 pts/4 \_ EasySwoole.TaskWorker.12 31324 26722 0 62388 pts/4 \_ EasySwoole.TaskWorker.13 31325 26722 0 62388 pts/4 \_ EasySwoole.TaskWorker.14 31326 26722 0 62388 pts/4 \_ EasySwoole.TaskWorker.15 ps --headers -eo pid,ppid,GID,tty,sid,vsz,rss,cmd -C EasySwoole To see every process with a user-defined format: ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm Print only the process IDs of syslogd: ps -C syslogd -o pid= 相查看树,能看到进程的继承关系: ps -eo 'pid,ppid,vsz,rss,cmd' --forest 3078 1214 48620 3032 \_ sshd: xiangdong [priv] 3084 3078 48752 1680 \_ sshd: xiangdong@pts/0,pts/1,pts/2 3085 3084 108352 1788 \_ -bash 3644 3085 189592 2940 | \_ sudo su - 3645 3644 163756 1964 | \_ su - 3646 3645 108476 1908 | \_ -bash 5416 3646 108412 1200 | \_ ps -eo pid,ppid,vsz,rss,cmd --forest 5417 3646 105460 816 | \_ less 1481 1 55604 1460 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf 1484 1481 76816 22864 \_ nginx: worker process 1485 1481 76816 22936 \_ nginx: worker process 1486 1481 76816 22936 \_ nginx: worker process 1487 1481 76816 22936 \_ nginx: worker process cat pod-test.yml apiVersion: v1 kind: Pod metadata: name: pod-demo labels: app: myapp tier: frontend namespace: default spec: nodeSelector: zone: "monitor" containers: - name: myapp image: ikubernetes/stress-ng command: ["/usr/bin/stress-ng", "-m 1", "--metrics-brief"] resources: # #requests: # # cpu: "200m" # # memory: "128Mi" limits: # cpu: "2000m" memory: "200Mi" PHP连接未释放之lsof -d 5|grep 2654实现反debug程序PID里的fd对应的tcp连接句柄: 原文,以下是学习到的点:php curl连接未释放,strace结果:poll([{fd=5, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 1000) = 0 (Timeout) https://www.jianshu.com/p/8a247cae629a Nc服务端: [root@golang_server_10_10_0_44:/usr/local/src/go-sftp] #nc -l 1234 GET / HTTP/1.1 User-Agent: curl/7.29.0 Host: 10.10.0.44:1234 Accept: */* Client连接端: [root@swoole_server_10_10_0_45:~] #ps -ef|grep curl root 9055 9012 0 03:57 pts/1 00:00:00 curl 10.10.0.44:1234 #curl 10.10.0.44:1234 #ls /proc/9055/fd 0 1 2 3 [root@swoole_server_10_10_0_45:~] #lsof -d 3|grep 9055 curl 9055 root 3u IPv4 23202662 0t0 TCP wx.levoo.com:41490->localhost:search-agent (ESTABLISHED) #strace -f -p 9055 strace: Process 9055 attached restart_syscall(<... resuming interrupted poll ...>) = 0 poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout) poll([{fd=3, events=POLLIN}], 1, 1000) = 0 (Timeout) poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout) poll([{fd=3, events=POLLIN}], 1, 1000) = 0 (Timeout) poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout) poll([{fd=3, events=POLLIN}], 1, 1000 设置超时后呢? poll([{fd=3, events=POLLIN}], 1, 1000) = 0 (Timeout) poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout) poll([{fd=3, events=POLLIN}], 1, 1000) = 0 (Timeout) poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout) poll([{fd=3, events=POLLIN}], 1, 1000) = 0 (Timeout) poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout) poll([{fd=3, events=POLLIN}], 1, 1000) = 0 (Timeout) poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout) poll([{fd=3, events=POLLIN}], 1, 1000) = 0 (Timeout) poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout) poll([{fd=3, events=POLLIN}], 1, 1000) = 0 (Timeout) poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout) poll([{fd=3, events=POLLIN}], 1, 987) = 0 (Timeout)会提示: curl: (28) Operation timed out after 20001 milliseconds with 0 out of -1 bytes received #curl 10.10.0.44:1234 --connect-timeout 10 -m 20 curl: (28) Operation timed out after 20001 milliseconds with 0 out of -1 bytes received man lsof -d s specifies a list of file descriptors (FDs) to exclude from or include in the output listing. The file descriptors are specified in the comma-separated set s - e.g., ``cwd,1,3'', ``^6,^2''. (There should be no spaces in the set.) lsof -nPp 57700|grep cwd nginx 57700 root cwd DIR 253,16 4096 47185921 /data/www lsof -nPp 33441|grep cwd java 33441 root cwd DIR 104,3 4096 2757893 /data/xxxxrsync ls /proc/33441/cwd/ #/data/xxxxrsync的目录的东西 函数说明:chdir()用户将当前的工作目录改变成以参数路径所指的目录。 连接超时时间用 --connect-timeout 参数来指定,数据传输的最大允许时间用 -m 参数来指定。 一直Poll的解决办法:php curl调用时设置超时 libcurl中同一时候封装了select以及poll这两种I/O机制。 代码中使用宏HAVE_POLL_FINE对这两者进行分离。假设定义了这个宏,则使用poll,否则使用select。 libcurl中同一时候封装了select以及poll这两种I/O机制。 代码中使用宏HAVE_POLL_FINE对这两者进行分离。假设定义了这个宏,则使用poll,否则使用select。 这两者的使用代码都位于函数curl_poll()中,而此函数定义在文件lib/select.c中。我看默认是poll的模式。 Curl不设置超时,对nc -l 1234进行访问会一直不退出的,一直 poll的,刚才实践的确如此,一般都要加上超时参数,如:curl 10.10.0.44:1234 --connect-timeout 10 -m 20 来自:https://blog.csdn.net/weixin_30340745/article/details/98854529 Generated by Jackxiang's Bo-blog 2.1.1 Release