operation not supported on filtering

I got a minimal audit.rules file containing: # cat -n /etc/audit/audit.rules 1 -D 2 3 -b 8192 4 5 -e 0 6 7 -a always,exclude -F msgtype=CWD 8 9 -w /etc/sysctl.conf -p wa -k sysctl When I restart auditd I get: # /etc/init.d/auditd restart Restarting audit daemon: auditd Error sending add rule request (Operation not supported) There was an error in line 7 of /etc/audit/audit.rules failed! instructions like `-a always,exclude -F msgtype=CWD` seems to be very popular in example all over the internet. I don't understand why I get the error. I use auditd `1:1.7.18-1.1` on debian 7 What should I do to make this filter work? -- /VF