I want to monitor file and directory creation, modification, and deletion on some large subtrees (/etc/, /usr/share/, and ~/.config/). And I want the name of the executable that caused the event. The purpose will be to facilitate cruft detection and removal.