audit file creation/deletion

[Richard Maciel]

Is it possible to audit only the events of creation and deletion of files?

I know that I can use a watch rule with a write filter to check if a 
file or directory is being created/delete, but this rule also generates 
audit entries when a file (inside the directory being tracked) is 
modified. Is there a way to prevent this?

Best Regards,
-- 
Richard Maciel, MSc
IBM Linux Technology Center
rmaciel at linux.vnet.ibm.com