Mounir Bsaibes
Linux Security
e-mail: bsaibes(a)us.ibm.com
linux-audit-bounces(a)redhat.com wrote on 02/10/2005 01:51:20 PM:
Hello,
I'm working on the code for the audit daemon that writes the startup and
termination records to the audit log. I want to add more message types to
handle this. I have 2 ways to do it. 1) add the defines to the kernel audit.h
file or 2) add the defines to libaudit.h and hope we never have a clash.
libaudit.h includes linux/audit.h.
I think it is better to keep all these defines in one place.
I'm setting message types in the range of 1500 - 1599 for audit daemon local
use. I doubt we'll ever need more than 4-5, but numbers are cheap. In order
to keep working on this, I'm putting it in libaudit.h. It looks like this:
/* These audit message types are for audit daemon local use. */
#define AUDIT_START 1500 /* Define daemon start record */
#define AUDIT_TERM_NORM 1501 /* Define normal termination */
#define AUDIT_TERM_ERR 1502 /* Define error termination */
Any consensus as to whether they belong in the kernel's audit.h or
libaudit.h?
Thanks,
-Steve Grubb
--
Linux-audit mailing list
Linux-audit(a)redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit