Hi, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit It will also be in rawhide soon. The Changelog is: - Adding perm field should not set syscall added flag in auditctl - Fix segfault when aureport -if option is used - Fix auditctl to better check keys on rule lines - Add support for audit by TTY and other new event types - Auditd config option for group permission of audit logs - Swig messed up a variable in ppc's libaudit python bindings causing crashes. (#251327) - New audit event dispatcher - Update syscall tables for 2.6.23 kernel This release introduces a new multi-threaded event dispatcher. Its working according to my testing, but still needs some work to fill out all the features. Right now, it only runs internal plugins. They are af_unix and syslog. -Steve