Directory structure auditing - a case

It was suggested to me that readers of this list might be interested in hearing our use case for directory structure auditing (auditing all of the files below a directory). So here it is. We write digital asset management (management of photos, sound files, video files, etc.) software for law enforcement agencies. These agencies are not only interested in whether a digital asset is untouched (for which we assign a hash), but also in who has had access to any given file and what they did with it (read, write, ???.). The number of files could be in the millions, far too many to add a rule for each file. Building a rule for each user is not only operationally undesirable it would also mean that if those users actually logged into the server every file they accessed would be logged, not just the files we care about. We want/need to catch all access to the files in our directory structure including any management/administrative access, therefore we would like *all* users access to these files logged, not just a subset of common (non-admin) users. That is it. Not terribly complex. If anyone has any questions I will do my best to answer them. -Mont