Hello every one. My plugin now works well in the debug mode,I.E. using *cat log | ./audisp-example* it works well But it failed when I did not use the debug mode. Here it's the code that I have changed. /* This function shows how to dump a whole record's text */ static void dump_whole_record(auparse_state_t *au) { FILE *out; if((out=fopen("./test.txt","a+"))!=NULL)/*打开源文件，读取数据*/ { fprintf(out,"%s: %s\n", audit_msg_type_to_name(auparse_get_type(au)),auparse_get_record_text(au)); fclose(in); /*关文件*/ } // printf("%s: %s\n", audit_msg_type_to_name(auparse_get_type(au)),auparse_get_record_text(au)); //printf("\n"); } In the debug mode I'm able to create a test.txt in the current direcory .And write the information into the test.txt But when I copy the audisp-example to /sbin/, and copy the configure file audisp-example.conf to /etc//etc/audisp/plugins.d restart the auditd, it didnot work. Why? Can anyone help Regards Jeedan -- ----------------------------- 陈洁丹 北京邮电大学软件学院 地 址： 北京邮电大学学二D12寝室 邮 编： 100876 Email: jeedan.chen(a)gmail.com --------------------------------- -- ----------------------------- 陈洁丹 北京邮电大学软件学院 地 址： 北京邮电大学学二D12寝室 邮 编： 100876 Email: jeedan.chen(a)gmail.com ---------------------------------