Use the event.file.monitor parameter to enable advanced monitoring for configuration files. To use this parameter, you must have enabled the agent to perform advanced monitoring with the command dacontrol -m.

If advanced monitoring is enabled for files, the auditing service monitors any activity in the following folders:

  • /etc/
  • /var/centrify/
  • /var/centrifydc/
  • /var/centrifyda/

The default value for the event.file.monitor parameter is true.

In the audit.log file, you can find these events by looking for the cda_file_monitor_write messages. In the cdc.log file you can find them by looking for the Emit AUDIT_TRAIL.