F10, audit-1.7.13-1.fc10.x86_64 Previously I noted that if the network_failure_action = halt it would behave as noted in the audisp-remote.conf man page. I see that it does not halt now. I tried the "stop" option for the audisp-remote.conf and it does not stop either. I have the same default settings as before for the retry parameters: transport = tcp mode = immediate queue_depth = 20 format = managed network_retry_time = 1 max_tries_per_record = 3 max_time_per_record = 5 network_failure_action = stop I disconnected my ethernet cable, waited 1 minute then reconnected. Sent in a couple events with "auditctl -m" on the sender. Sent in another "auditctl -m" after plugging the cable back in. They all came out on the collector. Great recovery; not what I wanted. Any ideas? Thx, LCB. -- LC (Lenny) Bruzenak lenny(a)magitekltd.com