Hello again, list, My officemate is looking into some other auditd configurations, but we were also looking for more information for something that might not be related. We're running Redhat Enterprise 4 with audit 1.0.14-1. We're trying to figure out where some of the other information is coming from that is in our audit.log file. It seems to be pam information and such. Where is that configured? Back in Redhat 9, pam messages were in messages.log and only audit messages were in audit.log. Thanks! -Dan Thomas