Is audit really disabled?

I'm using audit=0 at the kernel command line, have auditd disabled. Boot messages: audit: disabled (after initialization) audit: initializing netlink socket (disabled) <- confusing audit(1123705334.896:1): initialized # auditctl -s AUDIT_STATUS: enabled=0 flag=1 pid=0 rate_limit=0 backlog_limit=64 lost=0 backlog=0 kauditd is running and I appear to be getting some audit messages on the console. What's going on here? - James -- James Morris <jmorris(a)redhat.com&gt;