Hi All;<br><br>I trying RHEL 4.x series auditing. <br><br>Example:<br>Audit version: audit-1.0.15-3.EL4<br><br>-w /root -p w <br><br>config line added to audit.rules; but this config watch only &quot;/root&quot; directory writes. Do not watch &quot;/root/Desktop&quot;, &quot;/root/test&quot;, etc...<br>
<br>I can&#39;t recusive directory watch; like audit version audit-1.7.17-3<br><br>How this?<br><br><br>Thank you<br>Best Regards.<br>