Hello to all, it has been some time since I have needed to source the wisdom of this list.

I need help on the following:

I have had to clean up audit rules to get the entire set to load and observe the results in /var/log/messages.

I get all of the rules to load, presently using a single rule-file (UDG.rules). The last line of the file has the "-e 2" and has been rebooted a couple of times. As a result I can determine using auditctl -s that I observe: "enabled 1" but that's not the problem.

More information. I get all of the other "-a" and "-w" rules to load successfully now. The quantity of "-a" and "-w" rules loaded equals my expectations based on executing "auditctl -l | wc -l" and comparing to the value returned using this shell command: egrep -vc "^$|^#|^ |-e" UDG.rules

Here is where the problem is observed.  I review the results in /var/log/messages and I see the following:

<date>  <time-of-day> <hostname> augenrules[6706]: failure 2

with "failure 2" highlighted with red.

I am using vim to read the /var/log/messages file, to offer extra information.

Anyway, is this indicating a problem still? If I remember correctly from many years ago... this is not. I do not want to rely on memory.

Please help,
--------------------------
Warron French