Write the command that will define an auditd rule, that will record an eventeach time the /var/log/messages file is accessed.
When defining the rule, use "message_file_access" as the key.
auditctl -w /var/log/messages -p rwa -k message_file_access
if you would like to make this audit rule to be permanently configured then add it to the below file.
/etc/audit/rules.d/audit.rules
