Hello, we have installed Splunk in order to monitor the audit.log files of several systems. However, our audit.log files are turning over quicker than usual since Splunk seems to span our audit.log file with entries. Is there a way to get audit.log to filter messages from Splunk in RHEL 5 server systems? Thanks in advance! Starr