I am setting up dual boot workstations and require a pretty high degree of security. Can Linux audit changes that Linux users might make to the Windows event log files on the NTFS partition? We'd like to mount that disk RW so that files can be written back to it, but we'd likely need to either protect the log files from deletion by non-auditor users or at the very least log writing/deleting those files by anyone.