Auditing

Auditd, the audit daemon, is the userspace component of the Linux Auditing System. It is responsible for writing audit records to disk.

Run man auditd for more detail about auditd, or man ausearch for more detail about the ausearch tool.


Audit a directory

Audit a file

Example

Install auditd

List auditd rules

Start auditd

View the audit log

View audit reports
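
The steps listed above (watch a directory, watch a file, list the rules, then view the log and reports), put together as an added example that is not part of the original page. The watched paths and key names are constructed for illustration, and the script assumes auditd is already installed and running and that it is run as root.

```shell
#!/bin/sh
# Added example: watch a directory and a file, then query the results.
# Paths and key names are constructed; adjust them to your own system.

# Build one watch rule in audit.rules syntax: -w PATH -p PERMS -k KEY
# PERMS is any mix of r (read), w (write), x (execute), a (attribute change).
watch_rule() {
    path=$1 perms=$2 key=$3
    case $path in
        ''|*[[:space:]]*) echo "path is empty or contains whitespace" >&2; return 1 ;;
        /*) ;;
        *) echo "path must be absolute: $path" >&2; return 1 ;;
    esac
    case $perms in
        ''|*[!rwxa]*) echo "perms must be drawn from r, w, x, a: $perms" >&2; return 1 ;;
    esac
    case $key in
        ''|*[!A-Za-z0-9_-]*) echo "key must be a simple tag: $key" >&2; return 1 ;;
    esac
    printf '%s\n' "-w $path -p $perms -k $key"
}

# The rules for this example: a directory watch is recursive, a file watch is not.
example_rules() {
    watch_rule /etc/ssh wa ssh_config_change &&
    watch_rule /etc/passwd wa passwd_change
}

# Load the rules into the running kernel, then list what is loaded.
apply() {
    example_rules | while read -r rule; do
        # Each rule was validated above, so splitting it into arguments is safe.
        auditctl $rule
    done
    auditctl -l
}

# Search the audit log by key, then print the file report.
report() {
    ausearch -k ssh_config_change -i   # -i interprets numeric IDs into names
    aureport -f -i
}

# Nothing touches the system unless the script is invoked with "apply".
if [ "${1:-}" = "apply" ]; then
    apply
    report
fi
```

Rules loaded with auditctl do not survive a reboot; writing the same lines to a file under /etc/audit/rules.d/ makes them persistent.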