是否可以监视对Linux下所有进程的文件系统的所有写访问

Question

是否可以监视对Linux下所有进程的文件系统的所有写访问权限？

我有一些不同的挂载文件系统。其中很多是tempfs。

我对除tempfs，devtmpfs等之外的所有对根文件系统的写入感兴趣。

我正在寻找可以输出的内容：<PID xy> write n Bytes to /targe/filepath。 哪个监视工具可以列出所有这些写系统调用？可以按安装点过滤它们吗？

Answer 1

iotop（内核版本2.6.20或更高）或dstat可以为您提供帮助。例如。 iotop -o -b -d 10与此similar thread中的讨论类似。

Answer 2

/ proc / diskstats具有所有块设备的数据。

https://www.kernel.org/doc/Documentation/iostats.txt

  The /proc/diskstats file displays the I/O statistics of block devices. Each line contains the following 14 fields:
             1 - major number
             2 - minor mumber
             3 - device name
             4 - reads completed successfully
             5 - reads merged
             6 - sectors read
             7 - time spent reading (ms)
             8 - writes completed
             9 - writes merged
            10 - sectors written
            11 - time spent writing (ms)
            12 - I/Os currently in progress
            13 - time spent doing I/Os (ms)
            14 - weighted time spent doing I/Os (ms)
            For more details refer to Documentation/iostats.txt

Answer 3

您可以编写SystemTap脚本来监视文件系统操作。也许您可以访问Brendan D. Gregg's blog，那里有许多监视工具。