When I restart my auditd daemon, I get a number of messages in /var/log/messages that look like this: Nov 2 10:27:25 charon kernel: audit(1194013645.793:6808): auid=500 removed an audit rule What does this mean? Does it mean that some of my rules in /etc/audit.rules are improper, and the server is removing them? TIA, Bill Tangren