Is there a Linux command to monitor read and writes over a period of time? with what files were accessed and how much data was written.
iotop maybe?
Iotop, lsof
They won’t do exactly what you want but will get you partway there
For read/write ops or disk usage over time, I would usually use a monitoring system like Prometheus and Grafana.
When you start talking about what specific files are accessed and when, that’s usually up to an intrusion detection system (or IDS). I don’t have good recommendations for that unfortunately.
sysdig can monitor and display file IO usage.
See this page for some examples: https://github.com/draios/sysdig/wiki/Sysdig Examples#disk-io
Something like
iotop -Pao
(real-time) oriotop -obd
(batch) ought to do the job. I don’t know if it includes writes to non-physical devices like tmpfs.Some other commands you might find interesting:
iosnoop
,fatrace
,pidstat
,blktrace
.inotifywait -r -m desired/directory