All, Running Red Hat 5.4 and I have auditd turned off so that the audit logs go to /var/log/messages, this way I can forward all of the logs to a centralized log server. Probably other ways to do this but this setup works well on our Fedora 8 machines. Question I have is that I am getting a lot of "kernel: printk: 39 messages suppressed" messages in the /var/log/messages file. On fedora 8, this does not happen, everything comes through with no suppression. Any ideas on what changed in auditing that would cause this? Thanks!