site_archiver@lists.apple.com Delivered-To: Darwin-kernel@lists.apple.com A typical audit record is: The audit flags are set for "all". Thanks, Todd _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... I am looking through Apple's BSM audit logs (Mac OS X 10.4.9 on a G5), and all records for the connect(2) system call to an IP address are reported as failures. There are no examples of successful connection requests even though I know they took place. header,88,1,connect(2),0,Tue May 15 09:44:38 2007, + 731 msec argument,1,0x10,fd socket-inet,2,80,17.250.248.77 subject,heberlei,heberlei,staff,heberlei,staff, 384,196,50331650,0.0.0.0 return,failure : Operation now in progress,4294967295 trailer,88 Is this a bug in Apple's kernel (i.e., inadvertently reporting a successful system call as a failure), or did Apple choose *not* to report successful network connections? This email sent to site_archiver@lists.apple.com