We are using audit 1.6 in our system.
When I add a watch rule for write and append to a directory, the log
will report any changes to the directory and all the subdirectories as
well.
Is there a way to exclude subdirectories from being watched?
Example:
Watch directory /var/mydir
The tree for mydir is as follows:
/var/mydir
    |
    ---- runtime
    |
    ---- dir1
    |
    ---- dir2
I would like to watch /var/mydir + /var/mydir/dir1 + /var/mydir/dir2,
but exclude /var/mydir/runtime
Rule:
-w /var/mydir -p aw
Is there a way to do what I am asking?
Ameel Kamboh
SIP Core Network and Security
Phone: 972.685.4922 (esn 445-4922)
Mobile: 978-590-2280
SIP: akamboh(a)techtrial.com
email: akamboh(a)nortel.com