Greetings!
I want the audit system to log activities with files in certain directories (like /etc or /bin) into a separate logfile. For example, if a configuration file was modified inside a directory under control, I would be able to see changes made to it in a special log.
How do I create such a configuration?

Also, I add watches on directories by adding rules like

Code:
-w /etc
But still, audit.log does not contain the facts of changing and creating files in the /etc directory. What am I missing? Also, the log doesn't contain timestamps - how do I enable them so it would be clear when something happened?

With best regards,
Max