
Use pfiles to peek into your application

 skywalkerliao 2009-09-05

Have you ever asked yourself what files a specific application is accessing at the moment? If the answer is yes and you are running Solaris then pfiles(1) is the answer.

First you need to find the PID of the application that you are interested in. In this example we will look at syslog.


# ps -ef | grep syslog
root 349 1 0 Jul 13 ? 0:00 /usr/sbin/syslogd

The PID is 349. To get a list of the open files you run pfiles like this:



# pfiles 349
349: /usr/sbin/syslogd
Current rlimit: 65536 file descriptors
0: S_IFDIR mode:0755 dev:102,3 ino:2 uid:0 gid:0 size:1536
O_RDONLY
/
1: S_IFDIR mode:0755 dev:102,3 ino:2 uid:0 gid:0 size:1536
O_RDONLY
/
2: S_IFDIR mode:0755 dev:102,3 ino:2 uid:0 gid:0 size:1536
O_RDONLY
/
3: S_IFCHR mode:0000 dev:270,0 ino:50368 uid:0 gid:0 rdev:41,53
O_RDWR
/devices/pseudo/udp@0:udp
4: S_IFDOOR mode:0444 dev:279,0 ino:57 uid:0 gid:0 size:0
O_RDONLY|O_LARGEFILE FD_CLOEXEC door to nscd[132]
/var/run/name_service_door
5: S_IFCHR mode:0600 dev:270,0 ino:50855940 uid:0 gid:3 rdev:97,0
O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
/devices/pseudo/sysmsg@0:sysmsg
6: S_IFREG mode:0644 dev:102,3 ino:3056 uid:0 gid:0 size:358
O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
/var/adm/messages
7: S_IFREG mode:0644 dev:102,3 ino:2538 uid:0 gid:3 size:8316
O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
/var/log/syslog
8: S_IFCHR mode:0000 dev:270,0 ino:54554 uid:0 gid:0 rdev:21,6
O_RDONLY
/devices/pseudo/log@0:log
9: S_IFDOOR mode:0777 dev:277,0 ino:0 uid:0 gid:0 size:0
O_RDWR FD_CLOEXEC door to syslogd[349]

The first line shows the current limit on file handles, in this case 65536. After that comes the output, three lines per file. On the first of these lines, the leftmost number is the file handle number, followed by the permissions on the file, the device, inode, owner and group. The second line shows the options used to open the file, and the third line is the name of the file. For example, file handles 6 and 7 show that the open files are /var/adm/messages and /var/log/syslog.

Since everything is a file in UNIX, you can also get a list of the network ports your application is listening on. In the example below I have used pfiles(1) on a bacula-sd process (storage daemon).

...I have snipped away a few lines in the beginning...
5: S_IFSOCK mode:0666 dev:276,0 ino:8748 uid:0 gid:0 size:0
O_RDWR
SOCK_STREAM
SO_REUSEADDR,SO_KEEPALIVE,SO_SNDBUF(49152),SO_RCVBUF(49189),IP_NEXTHOP(37.192.0.0)
sockname: AF_INET 192.168.127.3 port: 9103
peername: AF_INET 192.168.127.3 port: 32863
6: S_IFSOCK mode:0666 dev:276,0 ino:8747 uid:0 gid:0 size:0
O_RDWR
SOCK_STREAM
SO_REUSEADDR,SO_KEEPALIVE,SO_SNDBUF(65536),SO_RCVBUF(49200),IP_NEXTHOP(48.192.0.0)
sockname: AF_INET 192.168.127.3 port: 9103
peername: AF_INET 192.168.127.3 port: 32865

Here you see that file handles 5 and 6 are TCP connections. You even get the IP addresses of both endpoints.

pfiles(1) can be quite useful to figure out what configuration files are open or what network sessions the application is currently using.
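
When the same check has to be repeated across many processes, the per-descriptor layout described above can be parsed into records and filtered for files opened for writing and for socket endpoints. The Python parser below is an added example, not part of the original post; the names parse_pfiles and summarize are assumptions, and the sample is constructed by combining lines from the two listings above.

```python
import re
# Constructed sample: lines copied from the syslogd and bacula-sd listings above.
SAMPLE = """\
349: /usr/sbin/syslogd
Current rlimit: 65536 file descriptors
4: S_IFDOOR mode:0444 dev:279,0 ino:57 uid:0 gid:0 size:0
O_RDONLY|O_LARGEFILE FD_CLOEXEC door to nscd[132]
/var/run/name_service_door
6: S_IFREG mode:0644 dev:102,3 ino:3056 uid:0 gid:0 size:358
O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
/var/adm/messages
5: S_IFSOCK mode:0666 dev:276,0 ino:8748 uid:0 gid:0 size:0
O_RDWR
SOCK_STREAM
sockname: AF_INET 192.168.127.3 port: 9103
peername: AF_INET 192.168.127.3 port: 32863
"""
FD_HEAD = re.compile(r"(\d+):\s+(S_IF\w+)\s+(.*)")
ENDPOINT = re.compile(r"(sockname|peername):\s+\S+\s+(\S+)\s+port:\s+(\d+)")

def parse_pfiles(text):
    """Parse pfiles(1) text into {'pid', 'cmd', 'fds': [per-descriptor dicts]}."""
    proc, cur = {"pid": None, "cmd": None, "fds": []}, None
    for line in (raw.strip() for raw in text.splitlines()):
        head = FD_HEAD.match(line)
        if head:  # first line of a descriptor: number, type, key:value attributes
            attrs = dict(kv.split(":", 1) for kv in head.group(3).split() if ":" in kv)
            cur = {"fd": int(head.group(1)), "type": head.group(2), "flags": [],
                   "path": None, **attrs}
            proc["fds"].append(cur)
        elif cur is None:  # preamble: "PID: command", then the rlimit line
            pre = re.match(r"(\d+):\s+(.*)", line)
            if pre:
                proc["pid"], proc["cmd"] = int(pre.group(1)), pre.group(2)
        elif ENDPOINT.match(line):  # socket address lines
            kind, addr, port = ENDPOINT.match(line).groups()
            cur[kind] = (addr, int(port))
        elif line.startswith("/"):  # path line
            cur["path"] = line
        elif line.startswith("O_") and not cur["flags"]:  # open flags line
            cur["flags"] = line.split()[0].split("|")
    return proc

def summarize(proc):
    """Return (paths opened for writing, [(fd, sockname, peername)] for sockets)."""
    writable = [f["path"] for f in proc["fds"]
                if f["path"] and {"O_WRONLY", "O_RDWR"} & set(f["flags"])]
    sockets = [(f["fd"], f["sockname"], f.get("peername"))
               for f in proc["fds"] if "sockname" in f]
    return writable, sockets
```

On a live system the input would be the captured text of `pfiles <PID>`; a socket with no peername line is reported with `None` as its peer.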
