looking for packages versions of running daemons
Israel Garcia
a way to know remotely on every server:
1. Name of running daemons and ports (tcp/udp) they're using.
2. Version of the package (installed by APT) used by these daemons.
3. Version of the latest package (from deb mirros) used by these daemons.
I tried to make a script but didn't resolve my problem.
Can you help me?
thanks a lot
--
Regards;
Israel Garcia
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Cameron Hutchison
>I have more than 10 debian (etch and lenny) servers and I want to find
>a way to know remotely on every server:
>1. Name of running daemons and ports (tcp/udp) they're using.
>2. Version of the package (installed by APT) used by these daemons.
>3. Version of the latest package (from deb mirros) used by these daemons.
>I tried to make a script but didn't resolve my problem.
Here's a script I just wrote to do what you want (it was an interesting
diversion).
For requirement #3, I'm not sure exactly what you wanted, so I took the
easy way out. I assumed you wanted the latest version for the
distribution you have in your /etc/apt/sources.list. To make the script
work, run apt-get update first so that your apt-cache has the latest
versions from your mirror.
netstat -lntup \
| awk '/^tcp/ { print $4"/"$1, $7 } /^udp/ { print $4"/"$1, $6 }' \
| sed -n 's|^[^ ]*:\([^ ]*\) \([0-9]*\)/.*|\1 \2|p' \
| while read port pid ; do
bin=$(readlink /proc/$pid/exe)
pkg=$(dpkg -S $bin | cut -d: -f1)
version=$(dpkg-query -W --showformat='${Version}' $pkg)
latest=$version
latest=$(apt-cache show -a $pkg | grep "^Version:" | { while read x ver ; do
if dpkg --compare-versions $latest lt $ver ; then
latest=$ver
fi
done ; echo $latest; } )
echo -n "$bin on port $port from package $pkg (version $version"
if [ $latest != $version ] ; then
echo -n ", $latest available"
fi
echo ")"
done
Israel Garcia
> Israel Garcia <igal...@gmail.com> writes:
>
>>I have more than 10 debian (etch and lenny) servers and I want to find
>>a way to know remotely on every server:
>
>>1. Name of running daemons and ports (tcp/udp) they're using.
>>2. Version of the package (installed by APT) used by these daemons.
>>3. Version of the latest package (from deb mirros) used by these daemons.
>
>>I tried to make a script but didn't resolve my problem.
>
That's really nice. It gives what I'm looking for..BUT, I have other
daemons installed from source, so dpkg -S returns an error. In my
case ruby. See below:
server:~# /usr/local/bin/check.sh
/opt/splunk/bin/python2.6 on port 8000/tcp from package splunk
(version 4.0.3-65638)
/usr/sbin/mysqld on port 3306/tcp from package mysql-server-5.0
(version 5.0.51a-24+lenny2)
/usr/sbin/monit on port 80/tcp from package monit (version 1:5.0.3-3)
/usr/local/bin/ruby on port 10000/tcp from package (version
3.1102.2.9-10+lenny42.2.9-10+lenny42.2.9-10+lenny42.2.9-10+lenny42.2.9-10+lenny42.2.9-10+lenny40.7.20.2+lenny10.7.20.2+lenny10.4.11.11-1~lenny10.60.6-16.0-0-5.12.61-81:1.10.1-31:1.4-p6-131.9.6+nogfdl-320080123.16.7.dfsg-5.15lenny43.5.203.2-42.18.1~cvs20080103-71:2.3.dfsg-58.1.2-0.20071201cvs-36.1.101:2.13.1.1-111.420070509-1.11.0.5-1200808090.4.520.48-84.7.2-12.1-1.41.3-16.10-62.9-134:4.3.2-24.3.2-1.13.0pl1-1054.6.21-111.2.1-5+lenny11.2.1-5+lenny11.5.241.5.247.0.152009.01.312.300.11.10-0.23.1.1-6+lenny33.1.1-6+lenny30.98.122.8.1-121.45-23.5.20-8+lenny12.9-12:1.02.27-42.0.301.14.251.14.251.14.251.41.3-11.41.3-10.7-30.11.4-30.11.4-31.112.7.59-94.26-14.4.0-22.5.35-62.6.0-32.6.0-34:4.3.2-24.3.2-1.11:3.1.5.dfsg-4.14:4.3.2-24.2.4-64.3.2-1.14.3.2-1.12.22.0-12.22.0-10.17-40.17-48.62.dfsg.1-3.2lenny11.4.9-3+lenny11.4.9-3+lenny12.5.3~dfsg-61.18.1.1-218.62.dfsg.1-3.2lenny11:8.11+u.........cutted
here
/usr/sbin/sshd on port 22/tcp from package openssh-server (version 1:5.1p1-5)
/usr/lib/postfix/master on port 25/tcp from package postfix (version 2.5.5-1.1)
/opt/splunk/bin/splunkd on port 8089/tcp from package splunk (version
4.0.3-65638)
/usr/sbin/sshd on port 22/tcp6 from package openssh-server (version 1:5.1p1-5)
/usr/sbin/collectd on port 32918/udp from package collectd (version 4.7.2-1)
Ruby was compile from source, How can I modify this script to remove
this error or better run -v option on daemons not installed by APT.
thanks again.
regards,
Israel.
--
Regards;
Israel Garcia
Ron Johnson
> On 9/9/09, Cameron Hutchison <li...@xdna.net> wrote:
>> Israel Garcia <igal...@gmail.com> writes:
>>
>>> I have more than 10 debian (etch and lenny) servers and I want to find
>>> a way to know remotely on every server:
>>> 1. Name of running daemons and ports (tcp/udp) they're using.
>>> 2. Version of the package (installed by APT) used by these daemons.
>>> 3. Version of the latest package (from deb mirros) used by these daemons.
>>> I tried to make a script but didn't resolve my problem.
> Hi Camaron
>
> That's really nice. It gives what I'm looking for..BUT, I have other
> daemons installed from source, so dpkg -S returns an error. In my
> case ruby. See below:
Right after the "bin=$(readlink /proc/$pid/exe)", I'd add a check
which checks for the string "/usr/local" inside ${bin}, then skips
down to the end of the while loop if the string actually is in ${bin}.
--
Brawndo's got what plants crave. It's got electrolytes!
Israel Garcia
> On 2009-09-09 23:30, Israel Garcia wrote:
>> On 9/9/09, Cameron Hutchison <li...@xdna.net> wrote:
>>> Israel Garcia <igal...@gmail.com> writes:
>>>
>>>> I have more than 10 debian (etch and lenny) servers and I want to find
>>>> a way to know remotely on every server:
>>>> 1. Name of running daemons and ports (tcp/udp) they're using.
>>>> 2. Version of the package (installed by APT) used by these daemons.
>>>> 3. Version of the latest package (from deb mirros) used by these
>>>> daemons.
>>>> I tried to make a script but didn't resolve my problem.
>> Hi Camaron
>>
>> That's really nice. It gives what I'm looking for..BUT, I have other
>> daemons installed from source, so dpkg -S returns an error. In my
>> case ruby. See below:
>
>
> Right after the "bin=$(readlink /proc/$pid/exe)", I'd add a check
> which checks for the string "/usr/local" inside ${bin}, then skips
> down to the end of the while loop if the string actually is in ${bin}.
Could you please add this check you're talking about to Cameron's script :-)
Thanks
regards,
Israel.
--
Regards;
Israel Garcia
Cameron Hutchison
>On 9/9/09, Cameron Hutchison <li...@xdna.net> wrote:
>> Israel Garcia <igal...@gmail.com> writes:
>>
>>>I have more than 10 debian (etch and lenny) servers and I want to find
>>>a way to know remotely on every server:
>>
>>>1. Name of running daemons and ports (tcp/udp) they're using.
>>>2. Version of the package (installed by APT) used by these daemons.
>>>3. Version of the latest package (from deb mirros) used by these daemons.
>>
>>>I tried to make a script but didn't resolve my problem.
>>
>daemons installed from source, so dpkg -S returns an error. In my
>case ruby. See below:
Ok. Here's version 2. Fixes are:
* Sorted the output by port number and removed duplicates. Duplicates
happen when a daemon listens on multiple IP addresses (samba is one).
* Skip non-existent processes
* remove (delete) from the end of readlink paths. This may happen if a
package has been upgraded and the old exe deleted.
* Use argv[0] if its an executable instead of /proc/pid/exe. This
makes daemons that are running under interpretters (perl, ruby, etc)
identified properly. In my case, postgrey failed, as a perl process.
* Ignore dpkg -S errors, and write a shorter line if there is no
package for the process.
>Ruby was compile from source, How can I modify this script to remove
>this error or better run -v option on daemons not installed by APT.
What do you mean by -v option? If you mean run the exe with -v to get
the version, that could easily fail and do unpredictable things, as -v
is not standardised as a way to get the version of a program.
netstat -lntup \
| awk '/^tcp/ { print $4"/"$1, $7 } /^udp/ { print $4"/"$1, $6 }' \
| sed -n 's|^[^ ]*:\([^ ]*\) \([0-9]*\)/.*|\1 \2|p' \
| sort -nu \
| while read port pid ; do
[ -d /proc/$pid ] || continue
bin=$(xargs -n 1 -0 echo < /proc/$pid/cmdline | awk '{print $1 ; exit}')
[ -x "$bin" ] || bin=$(readlink /proc/$pid/exe | sed 's/ (deleted)//')
pkg=$(dpkg -S $bin 2>/dev/null | cut -d: -f1)
[ -n "$pkg" ] || { echo "$bin on port $port"; continue; }
Cameron Hutchison
>Ok. Here's version 2. Fixes are:
One more iteration before I go to bed.
Version 2 was the quickly knocked together script that looks ugly and
hard to read, but is nice and compact. Maybe "nice" isn't the right
word.
Version 3 (below) is "properly" written, in a functional style. It's much
longer, but much easier to read. The main() function is very simple,
as is each individual function. It's written in such a way that you
can add extra filters if you want to extend it to get extra information
(like the -v bit you asked about).
If you dont want the result pretty-printed, just remove the
"| map_lines pretty_print" in main.
The only fix is to ignore errors from xargs (in get_pid_from_exe) which
I noticed coming out on a faster machine.
It runs under bash for the "local" keyword, but I think that should also
work under /bin/sh on Debian. It probably needs gnu xargs for -0 (gnu
xargs is standard on Debian, but busybox xargs may be different).
#!/bin/bash
main()
{
ports_and_pids \
| map_lines add_pkg_info \
| map_lines pretty_print
}
ports_and_pids()
{
netstat -lntup \
| awk '/^tcp/ { print $4"/"$1, $7 } /^udp/ { print $4"/"$1, $6 }' \
| sed -n 's|^[^ ]*:\([^ ]*\) \([0-9]*\)/.*|\1 \2|p' \
| sort -nu
}
add_pkg_info()
{
local port=$1 pid=$2 bin pkg version newer
bin=$(get_exe_from_pid $pid) || return
pkg=$(get_pkg $bin) && {
version=$(get_installed_version "$pkg")
newer=$(get_latest_version "$pkg")
[ "$newer" != "$version" ] || newer=""
}
echo $port $pid $bin $pkg $version $newer
}
pretty_print()
{
[ -n "$1" ] && [ -n "$3" ] || return
echo "$3 on port $1 ${4+from package $4}" \
"${5:+(version $5${6:+, $6 available})}"
}
get_exe_from_pid()
{
[ -d /proc/$1 ] || return
local bin=$(
xargs -n 1 -0 echo < /proc/$1/cmdline 2>/dev/null \
| awk '{print $1 ; exit}'
)
[ -x "$bin" ] || bin=$(readlink /proc/$1/exe | sed 's/ (deleted)//')
echo $bin
}
get_pkg()
{
local pkg=$(dpkg -S "$1" 2>/dev/null | cut -d: -f1)
[ -n "$pkg" ] || return
echo "$pkg"
}
get_installed_version()
{
dpkg-query -W --showformat='${Version}' "$1"
}
get_latest_version()
{
apt-cache show -a $pkg \
| awk '/^Version:/ {print $2}' \
| foldl_lines latest_version ""
}
latest_version()
{
dpkg --compare-versions "$1" gt "$2" && echo "$1" || echo "$2"
}
# map_lines func
# evaluate "func" for each line of input
map_lines()
{
while read line ; do
eval $1 $line
done
}
# foldl_lines func lhs
# evaluate (func (func (func lhs line1) line2) line3) ... for lines of input
foldl_lines()
{
func=$1
lhs="$2"
while read line ; do
lhs=$(eval $func "$lhs" "$line")
done
echo $lhs
Israel Garcia
Hi Cameron,
>
> Ok. Here's version 2. Fixes are:
> * Sorted the output by port number and removed duplicates. Duplicates
> happen when a daemon listens on multiple IP addresses (samba is one).
> * Skip non-existent processes
> * remove (delete) from the end of readlink paths. This may happen if a
> package has been upgraded and the old exe deleted.
> * Use argv[0] if its an executable instead of /proc/pid/exe. This
> makes daemons that are running under interpretters (perl, ruby, etc)
> identified properly. In my case, postgrey failed, as a perl process.
> * Ignore dpkg -S errors, and write a shorter line if there is no
> package for the process.
>
>>Ruby was compile from source, How can I modify this script to remove
>>this error or better run -v option on daemons not installed by APT.
>
> What do you mean by -v option? If you mean run the exe with -v to get
> the version, that could easily fail and do unpredictable things, as -v
> is not standardised as a way to get the version of a program.
Right, forget -v option :-)
Well, this is the output of "version 2" in my case:
Server:/usr/local/bin# check3.sh
/usr/sbin/sshd on port 22/tcp from package openssh-server (version 1:5.1p1-5)
/usr/lib/postfix/master on port 25/tcp from package postfix (version 2.5.5-1.1)
xargs: echo: terminated by signal 13
/usr/sbin/monit on port 80/tcp from package monit (version 1:5.0.3-3)
xargs: echo: terminated by signal 13
/usr/sbin/mysqld on port 3306/tcp from package mysql-server-5.0
(version 5.0.51a-24+lenny2)
xargs: echo: terminated by signal 13
/opt/splunk/bin/python2.6 on port 8000/tcp from package splunk
(version 4.0.3-65638)
xargs: echo: terminated by signal 13
/opt/splunk/bin/splunkd on port 8089/tcp from package splunk (version
4.0.3-65638)
xargs: echo: terminated by signal 13
/usr/local/bin/ruby on port 10000/tcp
xargs: echo: terminated by signal 13
/usr/local/bin/ruby on port 10001/tcp
xargs: echo: terminated by signal 13
/usr/local/bin/ruby on port 10002/tcp
xargs: echo: terminated by signal 13
/usr/sbin/collectd on port 32918/udp from package collectd (version 4.7.2-1)
is this "xargs: echo: terminated by signal 13" the output it should be?
thanks once
regards,
Israel.
>
> --
> To UNSUBSCRIBE, email to debian-us...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listm...@lists.debian.org
>
>
--
Regards;
Israel Garcia
Israel Garcia
> Cameron Hutchison <li...@xdna.net> writes:
>
>>Ok. Here's version 2. Fixes are:
>
> One more iteration before I go to bed.
>
> Version 2 was the quickly knocked together script that looks ugly and
> hard to read, but is nice and compact. Maybe "nice" isn't the right
> word.
Yeah, nice is perfect for me :-)
Well, in version 3 I see no output when I run the script...I double
check but I dont know where the problem is.
regards,
Israel.
>
>
> --
> To UNSUBSCRIBE, email to debian-us...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listm...@lists.debian.org
>
>
--
Regards;
Israel Garcia
Javier Barroso
bin=$(xargs -n 1 -0 echo < /proc/$pid/cmdline | awk '{print $1 ; exit}')
with
bin=$(awk '{print $1; exit}' /proc/$pid/cmdline)
will solved the issue
But I'm not sure why Cameron used xargs in this case.
Regards,
Cameron Hutchison
>> is this "xargs: echo: terminated by signal 13" the output it should be?
>Probably, substituting:
> bin=$(xargs -n 1 -0 echo < /proc/$pid/cmdline | awk '{print $1 ; exit}')
>with
>bin=$(awk '{print $1; exit}' /proc/$pid/cmdline)
>will solved the issue
>But I'm not sure why Cameron used xargs in this case.
/proc/pid/cmdline usually has ASCII NUL separated fields, which awk does
not split, so usually you have to use xargs -0. I noticed some cases
where the args were space separated (perl script), so I needed awk for
that case. I'll look more into awk and see if it can handle NULs in
some way. It doesn't by default.
The simple fix is to dump erors to /dev/null:
bin=$(xargs -n 1 -0 echo < /proc/$pid/cmdline 2>/dev/null | awk '{print $1 ; exit}')
Cameron Hutchison
>> Version 3 (below) is "properly" written, in a functional style. [...]
>Well, in version 3 I see no output when I run the script...I double
>check but I dont know where the problem is.
Hmmm, work for me (tm). Try isolating the failure by stripping down the
main function. Just run ports_and_pids and see if you get the expected
output. Then try the first filter (map_lines add_pkg_info), then the
second (map_lines pretty_print).
I did some last minute renaming of functions, so maybe I broke
something, but I thought I tested it before posting. I'll have another
look in a little while.
Cameron Hutchison
>Israel Garcia <igal...@gmail.com> writes:
>>On 9/10/09, Cameron Hutchison <li...@xdna.net> wrote:
>>> Version 3 (below) is "properly" written, in a functional style. [...]
>>Well, in version 3 I see no output when I run the script...I double
>>check but I dont know where the problem is.
>Hmmm, work for me (tm).
Doh!. Cut'n'paste error. I left one line off the end. Add this line:
main
It's no good having functions if there's nothing to call them. :-)
Israel Garcia
> Cameron Hutchison <li...@xdna.net> writes:
>
>>Israel Garcia <igal...@gmail.com> writes:
>>>On 9/10/09, Cameron Hutchison <li...@xdna.net> wrote:
>
>>>> Version 3 (below) is "properly" written, in a functional style. [...]
>
>>>Well, in version 3 I see no output when I run the script...I double
>>>check but I dont know where the problem is.
>
>>Hmmm, work for me (tm).
>
> Doh!. Cut'n'paste error. I left one line off the end. Add this line:
>
> main
Absolutely right about the missing last line...
well that's exactly what I was looking for. :-)
One last detail and I want you to know I'm happy with this last
version of the script :-), BUT it seems when the script found
duplicate lines, like named/tcp and named/udp it only show one, se
below:
vps204:/usr/local/bin# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 0.0.0.0:8000 0.0.0.0:*
LISTEN 9344/python
tcp 0 0 127.0.0.1:3306 0.0.0.0:*
LISTEN 18490/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:*
LISTEN 5027/monit
tcp 0 0 127.0.0.1:10000 0.0.0.0:*
LISTEN 14231/ruby
tcp 0 0 127.0.0.1:10001 0.0.0.0:*
LISTEN 14236/ruby
tcp 0 0 127.0.0.1:10002 0.0.0.0:*
LISTEN 14241/ruby
tcp 0 0 67.212.94.125:53 0.0.0.0:*
LISTEN 23874/named
tcp 0 0 127.0.0.1:53 0.0.0.0:*
LISTEN 23874/named
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 16398/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:*
LISTEN 23874/named
tcp 0 0 127.0.0.1:25 0.0.0.0:*
LISTEN 4990/master
tcp 0 0 0.0.0.0:8089 0.0.0.0:*
LISTEN 9306/splunkd
tcp6 0 0 :::53 :::*
LISTEN 23874/named
tcp6 0 0 :::22 :::*
LISTEN 16398/sshd
tcp6 0 0 ::1:953 :::*
LISTEN 23874/named
udp 0 0 0.0.0.0:32918 0.0.0.0:*
16892/collectd
udp 0 0 67.212.94.125:53 0.0.0.0:*
23874/named
udp 0 0 127.0.0.1:53 0.0.0.0:*
23874/named
udp6 0 0 :::53 :::*
23874/named
And the script output:
vps204:/usr/local/bin# check2.sh
/usr/sbin/sshd on port 22/tcp from package openssh-server (version 1:5.1p1-5)
/usr/lib/postfix/master on port 25/tcp from package postfix (version 2.5.5-1.1)
/usr/sbin/named on port 53/tcp from package bind9 (version 1:9.5.1.dfsg.P3-1)
/usr/sbin/monit on port 80/tcp from package monit (version 1:5.0.3-3)
/usr/sbin/named on port 953/tcp from package bind9 (version 1:9.5.1.dfsg.P3-1)
/usr/sbin/mysqld on port 3306/tcp from package mysql-server-5.0
(version 5.0.51a-24+lenny2)
/opt/splunk/bin/python2.6 on port 8000/tcp from package splunk
(version 4.0.3-65638)
/opt/splunk/bin/splunkd on port 8089/tcp from package splunk (version
4.0.3-65638)
/usr/local/bin/ruby on port 10000/tcp
/usr/local/bin/ruby on port 10001/tcp
/usr/local/bin/ruby on port 10002/tcp
/usr/sbin/collectd on port 32918/udp from package collectd (version 4.7.2-1)
As you can see the output only show named 53/tcp.
Cameron, I really appreciate your help.
thanks a lot.
regards,
Israel.
>
> It's no good having functions if there's nothing to call them. :-)
>
>
> --
> To UNSUBSCRIBE, email to debian-us...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listm...@lists.debian.org
>
>
--
Regards;
Israel Garcia
Cameron Hutchison
>[...] it seems when the script found
>duplicate lines, like named/tcp and named/udp it only show one, se
>below:
>vps204:/usr/local/bin# netstat -lntup
>tcp 0 0 67.212.94.125:53 0.0.0.0:* >LISTEN 23874/named
>tcp 0 0 127.0.0.1:53 0.0.0.0:* >LISTEN 23874/named
>tcp6 0 0 :::53 :::* >LISTEN 23874/named
>udp 0 0 67.212.94.125:53 0.0.0.0:* > 23874/named
>udp 0 0 127.0.0.1:53 0.0.0.0:* > 23874/named
>udp6 0 0 :::53 :::* > 23874/named
>And the script output:
>vps204:/usr/local/bin# check2.sh
>/usr/sbin/named on port 53/tcp from package bind9 (version 1:9.5.1.dfsg.P3-1)
>As you can see the output only show named 53/tcp.
Good catch. Change the sort in the ports_and_pids function to
sort -u -t/ -k1n -k2
It should look like this now:
ports_and_pids()
{
netstat -lntup \
| awk '/^tcp/ { print $4"/"$1, $7 } /^udp/ { print $4"/"$1, $6 }' \
| sed -n 's|^[^ ]*:\([^ ]*\) \([0-9]*\)/.*|\1 \2|p' \
| sort -u -t/ -k1n -k2
Javier Barroso
> Javier Barroso <javib...@gmail.com> writes:
>
>>> is this "xargs: echo: terminated by signal 13" the output it should be?
>>Probably, substituting:
>
>> bin=$(xargs -n 1 -0 echo < /proc/$pid/cmdline | awk '{print $1 ; exit}')
>
>>with
>
>>bin=$(awk '{print $1; exit}' /proc/$pid/cmdline)
>
>>will solved the issue
>
>>But I'm not sure why Cameron used xargs in this case.
>
> /proc/pid/cmdline usually has ASCII NUL separated fields, which awk does
> not split, so usually you have to use xargs -0. I noticed some cases
> where the args were space separated (perl script), so I needed awk for
> that case. I'll look more into awk and see if it can handle NULs in
> some way. It doesn't by default.
awk -F '\000' '{print $1;exit}' /proc/$pid/cmdline
do the trick then
Regards,
Thomas Dickey
> On Thu, Sep 10, 2009 at 11:33 PM, Cameron Hutchison <li...@xdna.net> wrote:
>> /proc/pid/cmdline usually has ASCII NUL separated fields, which awk does
>> not split, so usually you have to use xargs -0. I noticed some cases
>> where the args were space separated (perl script), so I needed awk for
>> that case. I'll look more into awk and see if it can handle NULs in
>> some way. It doesn't by default.
> Ok, I didn't know that. Thank you for the explication
>
> awk -F '\000' '{print $1;exit}' /proc/$pid/cmdline
That depends on whether you're using gawk (which provides a non-POSIX
extension for nulls), or mawk.
--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
Thomas Dickey
> On Fri, 11 Sep 2009, Javier Barroso wrote:
>
>> On Thu, Sep 10, 2009 at 11:33 PM, Cameron Hutchison <li...@xdna.net> wrote:
>>> /proc/pid/cmdline usually has ASCII NUL separated fields, which awk does
>>> not split, so usually you have to use xargs -0. I noticed some cases
>>> where the args were space separated (perl script), so I needed awk for
>>> that case. I'll look more into awk and see if it can handle NULs in
>>> some way. It doesn't by default.
>> Ok, I didn't know that. Thank you for the explication
>>
>> awk -F '\000' '{print $1;exit}' /proc/$pid/cmdline
>
> That depends on whether you're using gawk (which provides a non-POSIX
> extension for nulls), or mawk.
fwiw, this example works with current mawk - here:
http://invisible-island.net/mawk/
however, Debian's packagage maintainer for mawk has not responded to any
of the fixes which I've made over the past year.
Thomas Dickey
> On Fri, 11 Sep 2009, Thomas Dickey wrote:
> however, Debian's packagage maintainer for mawk has not responded to any of
package...
Cameron Hutchison
>On Thu, Sep 10, 2009 at 11:33 PM, Cameron Hutchison <li...@xdna.net> wrote:
>>
>> /proc/pid/cmdline usually has ASCII NUL separated fields, which awk does
>> not split, so usually you have to use xargs -0. I noticed some cases
>> where the args were space separated (perl script), so I needed awk for
>> that case. I'll look more into awk and see if it can handle NULs in
>> some way. It doesn't by default.
>Ok, I didn't know that. Thank you for the explication
>awk -F '\000' '{print $1;exit}' /proc/$pid/cmdline
>do the trick then
Well, no that does not handle the case where there are spaces separating
the fields. This was the case with one process in particular on my
system.
If gawk is installed I could do
gawk -F '[ \000]' '{print $1; exit}'
But that doesn't work with mawk, which is the default awk on Debian:
$ awk -F '[ \000]' '{print $1}' < /proc/1663/cmdline
awk: line 0: regular expression compile failed (bad class -- [], [^] or [)
Manoj Srivastava
> Version 3 (below) is "properly" written, in a functional style. It's much
> longer, but much easier to read. The main() function is very simple,
> as is each individual function. It's written in such a way that you
> can add extra filters if you want to extend it to get extra information
> (like the -v bit you asked about).
What kind of license are you distributing this under? I would
like to put this into my toolkit (nice work, BTW), but only if you
choose to license it out.
Thanks,
manoj
--
If at first you don't succeed, quit; don't be a nut about success.
Manoj Srivastava <sriv...@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Cameron Hutchison
>On Thu, Sep 10 2009, Cameron Hutchison wrote:
>> Version 3 (below) is "properly" written, in a functional style. It's much
>> longer, but much easier to read. The main() function is very simple,
>> as is each individual function. It's written in such a way that you
>> can add extra filters if you want to extend it to get extra information
>> (like the -v bit you asked about).
> What kind of license are you distributing this under? I would
> like to put this into my toolkit (nice work, BTW), but only if you
> choose to license it out.
Public Domain. (same as sqlite)