Use the event.file.monitor parameter to enable advanced monitoring for configuration files. To use this parameter, you must have enabled the agent to perform advanced monitoring with the command dacontrol -m.
If advanced monitoring is enabled for files, the auditing service monitors any activity in the following folders:
The default value for the event.file.monitor parameter is true.
In the audit.log file, you can find these events by looking for the cda_file_monitor_write messages. In the cdc.log file you can find them by looking for the Emit AUDIT_TRAIL.