Does anyone know the number of audit rules that can be installed on a system before having to traverse the list of rules on every syscall starts to take a noticeable amount of time? I'm assuming no rules that generate excessive logs, so nothing like '-a exit,always -S execve' or '-a exit,always -S open'. Cheers, peter -- Peter Moody Google 1.650.253.7306 Security Engineer pgp:0xC3410038