Hi Steve I followed your advise and verified my patch of AArch64 audit support by comparing the output from # autrace /bin/ls # ausearch -i -p XXX | grep SYSCALL with the output from # strace /bin/ls Here I found that the entries shown by "ausearch -i" are listed partially in the order of lifo (Last In First Out?). I don't think this behavior is "intuitive". (As you know, ausearch without -i generates fifo order of outputs.) Is there any good reason? Thanks, -Takahiro AKASHI