Hello,
I've just released a new version of the audit daemon. It can be downloaded
from
http://people.redhat.com/sgrubb/audit
It will also be in rawhide tomorrow. The Changelog is:
- Translate numeric info to human readable for ausearch output
- add '-if' option to ausearch to select input file
- add '-c' option to ausearch to allow searching by comm field
- init script now deletes all rules when daemon stops
- Make auditctl display perms correctly in watch listings
- Make auditctl -D remove all watches

The big improvement in this release is the -i parameter for ausearch. This
turns the audit events into something more understandable by interpreting all
numeric information.

The ausearch utility can now take a '-if' parameter to have it search or
display a particular file.

Let me know if there are any problems.

-Steve
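
To illustrate the kind of translation the -i option described above performs, here is an added example. It is not part of the original message and is not ausearch's own code. The sample records, the uid table and the small i386 syscall table are constructed for the sketch.

```python
import re
from datetime import datetime, timezone

# Constructed lookup tables (assumptions): the real tool consults the system
# account database and per-architecture syscall tables instead.
UIDS = {0: "root", 500: "alice"}
ARCHES = {"40000003": "i386"}
SYSCALLS = {"i386": {5: "open", 11: "execve", 15: "chmod"}}
UID_KEYS = {"uid", "auid", "euid"}
STRING_KEYS = {"comm", "exe"}

# Constructed sample records in the raw key=value log layout.
SAMPLES = [
    'type=SYSCALL msg=audit(1118239200.512:84): arch=40000003 syscall=5 '
    'success=yes exit=3 auid=500 uid=0 euid=0 comm="cat" exe="/bin/cat"',
    'type=SYSCALL msg=audit(1118239201.004:85): arch=40000003 syscall=11 '
    'success=yes exit=0 auid=500 uid=500 euid=500 comm=6D7920736372697074 '
    'exe="/bin/bash"',
]

HEADER = re.compile(r"msg=audit\((\d+)\.(\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def interpret(line):
    """Return a dict of fields with numeric values turned into names."""
    m = HEADER.search(line)
    if m is None:
        raise ValueError("no audit(...) header in record")
    secs, millis, serial = m.groups()
    when = datetime.fromtimestamp(int(secs), timezone.utc)
    out = {"time": when.strftime("%Y-%m-%d %H:%M:%S.") + millis,
           "serial": int(serial)}
    fields = dict(FIELD.findall(line[:m.start()] + line[m.end():]))
    arch = ARCHES.get(fields.get("arch"), fields.get("arch"))
    for key, raw in fields.items():
        if key in UID_KEYS and raw.isdigit():
            out[key] = UIDS.get(int(raw), "unknown(%s)" % raw)
        elif key == "syscall" and raw.isdigit():
            out[key] = SYSCALLS.get(arch, {}).get(int(raw), raw)
        elif key in STRING_KEYS and HEX.fullmatch(raw):
            # Unquoted string fields are hex-encoded in the log; decode them.
            out[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            out[key] = arch if key == "arch" else raw.strip('"')
    return out

if __name__ == "__main__":
    for record in SAMPLES:
        print(interpret(record))
```

Values that have no entry in the tables are passed through unchanged (syscall numbers) or marked unknown (uids), so an incomplete table never hides the raw number.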