type=SYSCALL, key= field?

Steve Grubb sgrubb at redhat.com
Mon Jul 31 18:19:41 UTC 2006


On Monday 31 July 2006 14:09, Michael C Thompson wrote:
> I'm not sure what this is meant to be related to, any clues?

auditctl -a always,exit -S open -F key=something

It's so that you can label the event with any information an admin wants.

-Steve
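
An added example, not part of the original message or of the audit project's own code: a small Python parser that groups type=SYSCALL records by the key= label that a rule such as the one above attaches. The log lines are constructed, and the encodings handled (quoted, (null), hex, \x01 between multiple keys) are assumptions about the record layout.

```python
import re
from collections import defaultdict

# Constructed sample records (not from a real host). Assumed layout:
# key="..." when the rule sets a key, key=(null) when it does not,
# and bare hex when the key holds characters that need encoding.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1154369981.101:41): arch=c000003e syscall=2 success=yes exit=3 pid=2101 auid=500 uid=0 comm="cat" exe="/bin/cat" key="something"
type=PATH msg=audit(1154369981.101:41): item=0 name="/etc/shadow" inode=1234
type=SYSCALL msg=audit(1154369982.202:42): arch=c000003e syscall=2 success=no exit=-13 pid=2102 auid=501 uid=501 comm="vi" exe="/usr/bin/vi" key="something"
type=SYSCALL msg=audit(1154369983.303:43): arch=c000003e syscall=2 success=yes exit=4 pid=2103 auid=500 uid=500 comm="ls" exe="/bin/ls" key=(null)
type=SYSCALL msg=audit(1154369984.404:44): arch=c000003e syscall=2 success=yes exit=3 pid=2104 auid=500 uid=0 comm="cp" exe="/bin/cp" key=6D79206B6579
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERIAL = re.compile(r'msg=audit\(\d+\.\d+:(\d+)\)')

def decode_key(raw):
    """Turn the raw key= value into a list of admin-chosen labels."""
    if raw == "(null)":
        return []                      # matching rule carried no key
    if raw.startswith('"'):
        return [raw.strip('"')]
    try:
        text = bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return [raw]                   # unquoted, non-hex value: keep as-is
    # Assumption: several keys on one event are joined with \x01.
    return text.split("\x01")

def syscalls_by_key(log_text):
    """Map each key to (event serial, comm, success) for SYSCALL records."""
    by_key = defaultdict(list)
    for line in log_text.splitlines():
        if not line.startswith("type=SYSCALL "):
            continue                   # PATH, CWD etc. carry no key= field
        fields = dict(FIELD.findall(line))
        m = SERIAL.search(line)
        serial = int(m.group(1)) if m else None
        comm = fields.get("comm", "").strip('"')
        for key in decode_key(fields.get("key", "(null)")):
            by_key[key].append((serial, comm, fields.get("success")))
    return dict(by_key)

if __name__ == "__main__":
    for key, events in syscalls_by_key(SAMPLE_LOG).items():
        print(key, events)
```

An unquoted key made up only of hex digits is ambiguous in this format; the sketch decodes it as hex.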



