Hi guys.

For using "The audit framework", should I rebuild my kernel to use "praudit" to log exec or syscall events? I used praudit the way the handbook says, but it only shows me logs for authentications with "su" and for stopping/starting the "auditd" service, and there aren't any other logs. Any ideas what else I should do?

Best wishes,
Mokhi.