trouble with a number of audit rules

Hello all, I am trying to add the following functionality to auditd (via audit.rules) using the following rules, but the rules don't work on my RHEL ES 4 system (fully patched). Could someone look at them and tell me what I am doing wrong, or where I can read how to do it right? 1) # Ensures that any reads of the audit log by the current user that's logged is # audited. It might be beneficial to create a rule for each of the 5 logs # that are generated. RULE: -w /var/log/audit/audit.log -p r -F auid=-1 ERROR: List must be given before field 2) # Ensures that any user who mounts or unmounts a device is audited RULE: -a exit,always -S mount -S umount ERROR: Syscall name unknown: umount 3) # ensures auditing whenever the reboot command is sent to the kernel RULE: -a always,entry -S socketcall -F a0=13 ERROR: Syscall name unknown: socketcall 4) # Ensures auditing of any unauthorized access to roots home directory. RULE: -w /root -p rw -F uid!=0 ERROR: List must be given before field 5) #Ensure that failed use of the following system calls is audited RULE: -a exit,always -S quotactl -S mount -S stime -S kill -S chroot -F success=0 -F auid=-1 -F auid=0 ERROR: Syscall name unknown: stime TIA, Bill Tangren