Hello list,
This is my first message and I hope I will provide the expected
information to get help (:
I'm looking in libaudit if there is a function to transform a line in
audit.rules's format to a *struct audit_rule_data* to feed
*audit_add_rule_data* to insert a new rule.
From tag *v3.0.9* (I need to stick to this version for the moment), I
see occurrences of *audit_add_rule_data* in *autrace.c* and *auditctl.c*
but it seems that adding a rule is specific to those binaries.
Do I understand it correctly?
Do I need to specifically write a basic rule parser to call
*audit_add_rule_data* with a new rule when I use libaudit?
Or does libaudit provide a general way to transform an auditd rule (i.e.,
in the format of the audit.rules file) to a struct audit_rule_data?
Thanks for help.
Regards.