find log-file location of Linux process with lsof


If you are testing or debugging a software you often need to know where the logfiles of that process are located (for example apache httpd logfiles or mysql logfiles). Many people tend to look into the default location – or try to find that information in the default location of the configuration files or an outdated manual. This works fine – as long as the software is actually installed in a default location or the manual is up to date.

In most cases you can use the tool lsof (list open files) instead to easily find all open files of a process.

find-logfile-location

Find logfiles with lsof and grep filter

The easiest way to find open logfiles … run as root user:

# shows all open files:

[email protected]:~# lsof 
...

# shows all open files that contain the string "log" in the filename:

[email protected]:~# lsof | grep -e log 
...
cupsd     13279             root    4u      REG              252,1     2086     394345 /var/log/cups/access_log
httpd     18971 root    2w   REG             253,15     2278      6723 /var/log/httpd/error_log
httpd     18971 root   12w   REG             253,15        0      1387 /var/log/httpd/access_log
...

# shows all open files that contain the string "log" and "access" in the filename (to find apache access logs) :

[email protected]:~# lsof | grep log | grep access
...
cupsd     13279             root    4u      REG              252,1     2086     394345 /var/log/cups/access_log
httpd     18971 root   12w   REG             253,15        0      1387 /var/log/httpd/access_log
...

Use PID to filter for open files by process

Example: find PID of httpd (same concept applies for mysql and other services)

1. Find the pid (ProcessID) of the relevant process.

# ps axu |grep httpd
- snip -
root     18971  0.0  0.3 495964 64388 ?        Ssl  Jan10   4:47 /usr/sbin/httpd
- snip -

2. Search open logfiles using lsof and the PID (and grep for “log”).

# lsof -p 18971 |grep log
httpd   18971 root    2w   REG             253,15     2278      6723 /var/log/httpd/error_log
httpd   18971 root   12w   REG             253,15        0      1387 /var/log/httpd/access_log	

Like this you can easily find open log files on an unknown system for an unknown process in less than a minute. So you don’t need to lookup this information in the manuals …

Leave a comment

Your email address will not be published. Required fields are marked *