On Wed, 2006-08-09 at 18:08 -0400, Rick Warner wrote:
> Hello all,
>
> I am trying to set up file watches for files such as /etc/passwd
> and /etc/shadow. I am using Suse 10.1. I have updated the kernel to a
> kernel.org 2.6.18-rc4 kernel, and have updated the audit userspace tools to
> version 1.2.3. I can add filesystem watches with "auditctl -w /etc/passwd"
> successfully now. Entries in the audit.log are created.
>
> The first problem is that when I use "aureport -w", it tells me
> "<no events of interest were found>". Using "aureport -f" instead, it shows
> entries for /etc/passwd, but the auid column for all results is -1 (or "unset"
> if using the -i option to aureport). Looking at the audit logfile,
> auid=4294967295, which correlates to -1 when read as a signed vs. unsigned
> int.
>
> How can I fix this?
Rick,
I believe a special PAM package is used to capture the login uid (auid).
I'm guessing that's where your problem lies.
-tim
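As an added illustration (not code from the thread or from the audit tools), a small Python parser for audit.log records of the kind Rick describes: it joins the SYSCALL and PATH lines of each event by serial number and reports an auid of 4294967295 (0xFFFFFFFF, the kernel's "never set" marker) as unset instead of as -1, which is the condition Tim attributes to the login-uid PAM module (pam_loginuid) not being in the login path. The log lines are constructed samples.

```python
import re
from collections import defaultdict

# The kernel stores loginuid as an unsigned 32-bit value; (u32)-1 means "never set".
AUID_UNSET = 0xFFFFFFFF  # == 4294967295, printed as -1 by aureport -f

# Constructed sample records in audit.log syntax (not from the original thread):
# event 101 comes from a process whose loginuid was never set, event 102 from a
# session where the login-uid PAM module recorded auid=1000.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1155161340.000:101): arch=c000003e syscall=2 success=yes exit=3 ppid=900 pid=901 auid=4294967295 uid=0 gid=0 euid=0 comm="cat" exe="/bin/cat" key="passwd-watch"
type=PATH msg=audit(1155161340.000:101): item=0 name="/etc/passwd" inode=4242 dev=08:01 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1155161341.000:102): arch=c000003e syscall=2 success=yes exit=3 ppid=950 pid=951 auid=1000 uid=0 gid=0 euid=0 comm="vipw" exe="/usr/sbin/vipw" key="passwd-watch"
type=PATH msg=audit(1155161341.000:102): item=0 name="/etc/shadow" inode=4243 dev=08:01 mode=0100600 ouid=0 ogid=0
"""

HEADER_RE = re.compile(r'^type=(\S+) msg=audit\(([\d.]+):(\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit.log line into (type, serial, {field: value}); None if malformed."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rtype, _ts, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
    return rtype, int(serial), fields

def decode_auid(raw):
    """Return the login uid as an int, or None when the kernel reports it unset."""
    value = int(raw)
    return None if value == AUID_UNSET else value

def watch_events(log_text):
    """Join SYSCALL and PATH records by serial; one summary per watched-file access."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        parsed = parse_record(line)
        if parsed is None:
            continue
        rtype, serial, fields = parsed
        events[serial].setdefault(rtype, []).append(fields)
    out = []
    for serial in sorted(events):
        sc = events[serial].get("SYSCALL", [{}])[0]
        auid = decode_auid(sc.get("auid", AUID_UNSET))
        for path in events[serial].get("PATH", []):
            out.append({"serial": serial, "name": path.get("name"), "exe": sc.get("exe"),
                        "key": sc.get("key"), "auid": auid, "auid_unset": auid is None})
    return out

if __name__ == "__main__":
    for ev in watch_events(SAMPLE_LOG):
        shown = "unset (loginuid never recorded)" if ev["auid_unset"] else str(ev["auid"])
        print(f'{ev["serial"]} {ev["name"]} via {ev["exe"]} auid={shown}')
```

Running it against a real audit.log shows which accesses to the watched files lack a login uid, which is the same information aureport hides behind -1.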