Does this mean the dispatcher is now turned of or I just loose those events. Currently I am not seeing any events in SNARE and trying to trouble shoot where the issue is. Any help will be great. Thanks. Ameel Kamboh MCS AS5200 Security and Media Services Phone: 972.685.4922 (esn 445-4922) Mobile: 978-590-2280 SIP: akamboh(a)techtrial.com email: akamboh(a)nortel.com -----Original Message----- From: Steve Grubb [mailto:sgrubb@redhat.com] Sent: Friday, March 09, 2007 2:19 PM To: linux-audit(a)redhat.com Cc: Kamboh, Ameel (RICH1:B670) Subject: Re: Audit pipe full On Friday 09 March 2007 15:01, Ameel Kamboh wrote: That program is not pulling the events from the audit daemon fast enough. -Steve