I have been tasked to generate test cases to validate the proper execution of particular syscall audit flags. In most cases I have succeeded in triggering audit log entries. However, I have been unable to trigger audit entries for the 'symlink call' My test cases are generated by a shell script that execute commands to trigger the relevant calls. In my test case I created a hard-link and a soft-link using /bin/ln. Running strace indicated that the syscall was definitely made but 'ausearch -sc symlink' shows nothing. I am using audit-1.0.15-3.EL4. Any insight into this problem would be appreciated. Sincerely, Eric Howard -------------------------------------- Protect yourself from spam, use http://sneakemail.com