There's deprecated functionality called "fschange" in Splunk that does this. But, being deprecated, I advise against using it. You should look into using native tools to the OS that you're running like object access auditing in Windows or auditd in Linux.