I've just released a new version of the (old) audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. The ChangeLog is: - Performance improvements for ausearch/report - Fix debug output resolving numeric address - Fix spelling error in audit.rules (#667845) - Improve warning in auditctl regarding immutable mode (#654883) - In ausearch, allow searching for auid -1 - Fix memory leak in aureport - Fix parsing state problem in libauparse - Update prelude support - Add new event types - Update syscall tables - On i386, audit rules do not work on inode's with a large number - Improve the robustness of libaudit field encoding functions - Add optional ARM processor support - Fix autrace to use correct syscalls on i386 systems (Peng Haitao) - In auparse, add ability to interpret session and capabilities - Add ability for audispd syslog plugin to choose facility local0-7 - Report server issues to remote client - Update ausearch parsing - Update auparse to handle virt events - Make audisp-remote robust - Add 2 error returns to python bindings - Update the man pages a little - Add some debug info to audidp-remote startup and shutdown - In auditd, if disk_error_action is ignore, limit syslog messages to 5 - Fix some memory leaks This does not even really capture all the updates to this branch. This is intended to be the final release of the 1.x series. This release backports everything I possibly can from trunk to the old daemon. With all these fixes, its a big update. Please test it if you use the 1.x series. Please let me know if you run across any problems with this release.