Native Host Intrusion Protection with Red Hat Enterprise Linux 5 and the Audit Subsystem

Steve Grubb

Red Hat Enterprise Linux 5 includes a powerful, real-time security event reporting mechanism, the Audit Subsystem, which forms the foundation of a Host Intrusion Protection environment for all Enterprise Linux deployments. This presentation will introduce the technical architecture of the Audit Subsystem, the real-time interfaces available to applications, and the designs for building this integrated utility into a system that can accurately respond to security events by leveraging other security components of Red Hat Enterprise Linux.