user audits

Steve, Would there be any issue with adding a couple new trusted_application event types? Would any kernel mods be needed to support this? The reason I ask is because I'd like to process some event types differently on the back end (the aggregator) and if I could easily identify those types it would make life easier. Some trusted_application events are for recording "bad" security issues, some for "good", etc. and I'd like to easily differentiate those. I can put something inside the event text but if possible would prefer a couple different types, like trusted_app1, trusted_app2, etc. Thx, LCB -- LC (Lenny) Bruzenak lenny(a)magitekltd.com