Hi list,
I'm looking for an example to receive auditd events *continuously* and 
print them to the standard output.
I found a simple example which uses the *auparse* library here:
https://security-plus-data-science.blogspot.com/2017/04/writing-basic-aup...
I added the following lines to loop 'forever':
8<---
[..]
    while (1) {
        auparse_first_record(au);
[..]
        sleep(1);
    }
    auparse_destroy(au);
    return 0;
}
-->8
The problem with this example is that the output only shows the events which 
are available *before* binary startup, not the events that arrived *after*.
8<---
./dummy-auditd &
~ # Record type: DAEMON_START - type,op,ver,format,kernel,auid,pid,uid,ses,res
Record type: CONFIG_CHANGE - type,op,audit_backlog_limit,old,auid,ses,res
[..]
Record type: PROCTITLE - type,proctitle
Record type: 0 - (null)
Record type: 0 - (null)
..
-->8
I want to have the events printed *continuously*, i.e. the new events *shall* 
appear on the standard output.
Can you point me to some examples in the git repository or a URL that 
describes how to do it, please?
I am surely missing something in the documentation, so let me know if that is 
the case.
Thanks.
Regards.
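
An added example, not part of the original post and not code from the audit project: a plain C loop (no libauparse) that keeps its read position in a growing log file and carries partial lines over, so records appended after startup are printed on the next poll. The struct and function names are hypothetical, the log path is taken from argv[1], and log rotation is not handled.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Reader state (hypothetical names, not part of libauparse). */
struct follower {
    FILE *fp;
    char line[8192];  /* partial record carried over between polls */
    size_t len;
};

/* Copy the leading "type=" value of one record into out; 0 on success. */
static int record_type(const char *rec, char *out, size_t outsz)
{
    if (strncmp(rec, "type=", 5) != 0) return -1;
    size_t n = strcspn(rec + 5, " ");
    if (n == 0 || n >= outsz) return -1;
    memcpy(out, rec + 5, n);
    out[n] = '\0';
    return 0;
}

/* Consume what was appended since the last call; return records printed. */
static int follow_poll(struct follower *f)
{
    int c, seen = 0;
    char type[64];
    clearerr(f->fp);  /* drop the EOF state left by the previous poll */
    while ((c = fgetc(f->fp)) != EOF) {
        if (c != '\n') {  /* over-long records are truncated, not dropped */
            if (f->len < sizeof f->line - 1) f->line[f->len++] = (char)c;
            continue;
        }
        f->line[f->len] = '\0';
        f->len = 0;
        if (record_type(f->line, type, sizeof type) == 0) {
            printf("Record type: %s\n", type);
            seen++;
        }
    }
    return seen;
}

int main(int argc, char **argv)
{
    struct follower f = { argc > 1 ? fopen(argv[1], "r") : NULL, {0}, 0 };
    if (!f.fp) return 1;
    for (;;) { follow_poll(&f); fflush(stdout); sleep(1); }
}
```

libauparse also provides a feed source (`AUSOURCE_FEED` with `auparse_feed()`) for handing the parser data as it arrives instead of rereading a fixed source.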