I see that the -w or --word switch was added to the ausearch but how it it used? The man pages claim: String based matches must match the whole word. But I have been trying ausearch -w failed and variation of that but only get the message ausearch -if audit.log.3 -w failed failed is an unsupported option This e-mail and any files transmitted with it may be proprietary and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the sender. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of ITT Corporation. The recipient should check this e-mail and any attachments for the presence of viruses. ITT accepts no liability for any damage caused by any virus transmitted by this e-mail.