Hello to all, it has been some time since I have needed to source the
wisdom of this list.
I need help on the following:
I have had to clean up audit rules to get the entire set to load and
observe the results in */var/log/messages.*
I get all of the rules to load, presently using a single rule-file
(UDG.rules). The last line of the file has the "*-e 2"* and the system has been
rebooted a couple of times. As a result I can determine using auditctl -s
that I observe: "enabled 1" but that's not the problem.
More information. I get all of the other "-a" and "-w" rules to load
successfully now. The quantity of "-a" and "-w" rules loaded equals my
expectations based on executing "*auditctl -l | wc -l*" and comparing to
the value returned using this shell command: *egrep -vc "^$|^#|^ |-e"
UDG.rules*
Here is where the problem is observed. I review the results in
/var/log/messages and I see the following:
<date> <time-of-day> <hostname> augenrules[6706]: failure 2
with "failure 2" highlighted with red.
I am using vim to read the /var/log/messages file, to offer extra
information.
Anyway, is this indicating a problem still? If I remember correctly from
many years ago... this is not. I do not want to rely on memory.
Please help,
--------------------------
Warron French