Looking for some assistance.
I am trying to keep from logging activity of a Linux command we keep running in the
foreground to monitor the progress of a scripting task. We monitor the progress of this
task using the Linux "top" command.
I'm trying to figure out how to use the "exclude" filter in the audit rules
to exclude logging of this "top" command. I am running on the Fedora 7 OS. I am
also utilizing the nispom.rules for the audit daemon.
The logging I'm receiving is similar to this:
type=SYSCALL msg=audit(1219770680.762:206): arch=40000003 syscall=5 success=no exit=-13
a0=92df4b a1=8002 a2=bf82f338 a3=92df51 items=1 ppid=8076 pid=8208 auid=500 uid=500
gid=510 euid=500 suid=500 fsuid=500 egid=510 sgid=510 fsgid=510 tty=pts2
comm="top" exe="/usr/bin/top" key="open"
type=CWD msg=audit(1219770680.762:206): cwd="/usr/local/people/tony"
type=PATH msg=audit(1219770680.762:206): item=0 name="/var/run/utmp"
inode=2074631 dev=08:02 mode=0100664 ouid=0 ogid=22 rdev=00:00
This is the type of logging I'm trying to exclude. Any ideas would be helpful.
Thanks,
Tony Sincox
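Added example (not part of the original post or of the audit package). The point it illustrates: the "exclude" filter list only matches on msgtype, so it cannot single out one command; the usual way to suppress a specific syscall record is a "never" rule on the exit list, loaded before the nispom "always" rule that produces key="open", because the kernel stops at the first matching rule. The nispom.rules line below is a constructed stand-in for the real one (assumption: it is an "-a always,exit ... -S open ... -k open" rule, which is what the posted record implies); "-F path=" is used rather than "-F exe=" because, to my knowledge, filtering by executable needs a far newer kernel and auditctl than Fedora 7 ships (assumption).

```shell
#!/bin/sh
# Added example, not the original poster's or the audit project's code.

# Rule that keeps top's opens of /var/run/utmp out of the log. It must be
# loaded BEFORE the nispom "always" rule for open: first match wins on a
# filter list. arch=b32 matches the arch=40000003 (i386) in the posted record.
# A newer auditctl/kernel could use "-F exe=/usr/bin/top" instead of
# "-F path=" (assumption: not available on Fedora 7).
utmp_exclusion_rule() {
    printf '%s\n' '-a never,exit -F arch=b32 -S open -F path=/var/run/utmp'
}

# Sanity check for a combined rules file: fail (exit 1) if any "never" rule
# for open appears after an "always" rule for open, since it would then be
# unreachable. $1 is the rules file. Accepts both "never,exit" and "exit,never".
check_never_before_always() {
    awk '
        /^-a/ && /never,exit|exit,never/ && /-S open( |,|$)/ {
            if (seen_always) bad = 1
        }
        /^-a/ && /always,exit|exit,always/ && /-S open( |,|$)/ {
            seen_always = 1
        }
        END { if (bad) exit 1; exit 0 }
    ' "$1"
}

# Demonstration on a temporary file. The nispom line is a constructed
# stand-in for the real /etc/audit/nispom.rules entry.
demo_dir=$(mktemp -d)
nispom_open_rule='-a always,exit -F arch=b32 -S open -F exit=-EACCES -k open'
{
    utmp_exclusion_rule
    printf '%s\n' "$nispom_open_rule"
} > "$demo_dir/audit.rules"

if check_never_before_always "$demo_dir/audit.rules"; then
    echo "rule order OK: never rule precedes the nispom open rule"
else
    echo "rule order WRONG: move the never rule above the always rule" >&2
fi
rm -rf "$demo_dir"
```

To apply this for real, put the "never" line ahead of the nispom open rule in whatever file auditd loads first (on Fedora 7 that is typically /etc/audit/audit.rules; check with "auditctl -l" after "auditctl -R <file>" that the never rule is listed before the always rule). Then re-run top and confirm the records are gone with "ausearch -k open -c top".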