To all, Is there a version of nispom.rules that will work with "Audit-1.0.16" on RHEL WS 4?? Tried moving working nispom.rules file from Centos 5 running audit-1.7.7 but auditd fails at startup with error: "filter key option needs a watch given prior to it" Jeff Harmon IT Manager / Senior Network Administrator / FSO Alion Science and Technology Advanced Modeling and Simulation Technology Operation (AMSTO) 2602 Challenger Tech Court, Suite 230 Orlando, FL 32826 Tel: (407) 737-3599 x404 Fax: (407) 737-0847 Cell: (407) 353-7238 jharmon(a)alionscience.com www.alionscience.com <http://www.alionscience.com/>