RE: "Watch"ing a directory

For recursive watch can you exclude an inode from the watch list. For example, I want a recursive watch on all directories and their sub dir under /var But would like to exclude /var/log specifically? Ameel Kamboh SIP Core Network and Security Phone: 972.685.4922 (esn 445-4922) Mobile: 978-590-2280 SIP: akamboh(a)techtrial.com email: akamboh(a)nortel.com -----Original Message----- From: Steve Grubb [mailto:sgrubb@redhat.com] Sent: Wednesday, August 22, 2007 11:10 AM To: Kamboh, Ameel (RICH1:B670) Cc: Sankarshan Mukhopadhyay; linux-audit(a)redhat.com Subject: Re: "Watch"ing a directory On Wednesday 22 August 2007 11:05:07 Ameel Kamboh wrote: It will be in 5.1. You can already access it in the beta channel. audit-1.5.5-6 and kernel-2.6.18-40.el5. Newer versions work even better. For Fedora, it will have to wait until either 2.6.23 or 24 depending on how fast the patch gets pulled into mainline. It was in -mm tree, though. -Steve