On Wednesday 21 February 2007 21:48:33 Walt Powell wrote: > I have a requirement to audit/log all failed attempts to access files. I > entered the following line in audit.rules: > > -w exit,always -S open -F success!=0 > > and audit flags all file exits regardless of success. Which kernel are you using? Answering all your questions depends on that. -Steve