My server is using high CPU usage from lsof, and it appears to be ran randomly and by the root user. I'm finding this out via Newrelic information
Is it at all possible to find what is running this and stopping it?
Extra info:
Some of the major apps I'm using and have installed:
- New Relic
- PHP
- Apache2.2
- Prosody
- Postfix
- MySQL
When I perform a ps -feww | grep lsof it always just returns the grep command itself, it never seems to be running when I'm looking at it.
Best Answer
If you use
auditd
, you can then create a rule such asThen see the
/var/log/audit.log
or useaureport
andausearch
utilities.