Steve or DJ, Have you guys thought about how I can re-send submitter events from a client to a master auditd after failure? I'm thinking of the case where the aggregating/collector machine has failed and the clients then shut down as configured. Say the problem on the collector is fixed and it comes back up. Then we bring up the client sender machine(s). I haven't tested this but I do not think the missed events will get sent right? How can I try to resend the events to the collector? I apologize if there is a way I've missed. I think it would be possible to write the events to a separate file and resend those on restart. But even if there is a manual/semi-manual way to do this it beats nothing in my case. Thx, LCB. -- LC (Lenny) Bruzenak lenny(a)magitekltd.com