Thanks Steve. I do actually have a ticket open with Red Hat to make this available for pre-U5 versions, so you may have to pass off to the QC team. We've had enough fun getting the 2.6.9-42 kernel to not break out-of-tree kernel modules for commercial packages. If I have to build audit 1.0.15 to be compatible with u3 I'll try to do that.

Thanks for your time and help,
Charlie Todd
Ball Aerospace & Technologies Corp.

-----Original Message-----
From: Steve Grubb [mailto:sgrubb@redhat.com]
Sent: Mon 11/13/2006 9:19 AM
To: linux-audit@redhat.com
Cc: Todd, Charles
Subject: Re: Audit-1.0.14

On Thursday 09 November 2006 14:56, Todd, Charles wrote:
> If I'm reading this correctly, you're telling me that the 1.0.14 auditd
> that ships with RHEL4u3 is immature, at best.

No, you are misparsing the problem...he is trying to use that version of audit
with plain vanilla linux kernels. When paired with our kernel all is well.

> Does this mean that I will never get support for the dispatcher directive
> in /etc/auditd.conf?

I just about have 1.0.15 finished and it will have the dispatcher interface +
some backported code around the time start/end directives and various
bugfixes discovered during the LSPP work for RHEL5.

> I was hoping to use the development Snare scripts that Leigh put together,
> mainly for a unified centralization of our audit trails, but it doesn't
> work if the dispatcher support option is missing.

U5 it should be there.

-Steve