<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="post-text" itemprop="description">
      <p>I am trying to use auditd to monitor changes to a directory.
        The problem is that when I setup a rule it does monitor the dir
        I specified but also all the sub dir and files making the
        monitor useless due to endless verbosity.</p>
      <p>Here is the rule I setup:</p>
      <pre style="" class="lang-sh prettyprint prettyprinted"><code><span class="pln">auditctl </span><span class="pun">-</span><span class="pln">w </span><span class="pun">/</span><span class="pln">home</span><span class="pun">/</span><span class="pln">raven</span><span class="pun">/</span><span class="pln">public_html </span><span class="pun">-</span><span class="pln">p war </span><span class="pun">-</span><span class="pln">k raven</span><span class="pun">-</span><span class="pln">pubhtmlwatch</span></code></pre>
      <p>when I search the logs using</p>
      <pre style="" class="lang-sh prettyprint prettyprinted"><code><span class="pln">ausearch </span><span class="pun">-</span><span class="pln">k raven</span><span class="pun">-</span><span class="pln">pubhtmlwatch</span></code></pre>
      <p>I get thousands of lines of logs that list everything under
        public_html/</p>
      <p>How can I limit the rule to changes on the directory specified
        only? </p>
      <p>Thank you very much.</p>
    </div>
  </body>
</html>