All,

Is there a way to set a rule to watch particular files in a directory like /etc/*?  Can you use wildcards in the rules?

Also, is there a way to set a rule to grab just non-root user actions on a file?

Thanks!