Q: Manpage says:
"-S [Syscall name or number|all]"
..."You may also specify multiple syscalls in the same rule as a comma
separated list with no spaces in between. Doing so improves performance
since fewer rules need to be evaluated."...
So I'd have thought that this would work:
-a always,exit -F arch=b64 -S adjtimex,settimeofday -k time-change
but only this does:
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
Restarting auditd says:
There was an error in line 165 of /etc/audit/audit.rules
Am I misunderstanding this option, or is there a manpage or code error?
audit-1.7.2-6.fc9.x86_64
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com
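
The two rule forms from the message above, as an added example that is not part of the original post: a POSIX shell helper that reports rule lines using the comma-separated -S form by line number and rewrites them into the repeated -S form the poster reports as accepted. The function names and the sample rules are constructed for illustration; fields are re-joined with single spaces.

```shell
#!/bin/sh
# Added example; function names and sample rules are constructed.

# Print "LINE: rule" for every rule whose -S argument contains a comma.
find_comma_syscalls() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        for (i = 2; i <= NF; i++)
            if ($(i-1) == "-S" && index($i, ",") > 0) {
                print NR ": " $0
                break
            }
    }'
}

# Rewrite "-S a,b" as "-S a -S b"; other options (e.g. -a always,exit) are untouched.
expand_syscalls() {
    awk '
    NF == 0 || $1 ~ /^#/ { print; next }     # pass blanks and comments through
    {
        out = ""
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (i > 1 && $(i-1) == "-S") {   # only the argument of -S is split
                n = split(tok, names, ",")
                tok = names[1]
                for (j = 2; j <= n; j++) tok = tok " -S " names[j]
            }
            out = (out == "" ? tok : out " " tok)
        }
        print out
    }'
}

# Constructed sample input; line 3 is the rule quoted in the message.
sample_rules() {
    cat <<'EOF'
# constructed sample rules
-w /etc/localtime -p wa -k time-change
-a always,exit -F arch=b64 -S adjtimex,settimeofday -k time-change
-a always,exit -F arch=b64 -S clock_settime -k time-change
EOF
}

sample_rules | find_comma_syscalls   # which lines use the comma form
sample_rules | expand_syscalls       # the same rules with repeated -S
```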