If you are okay not working with syslog stuff, you could try Enterprise Event Monitoring. http://sourceforge.net/projects/evntmon/ This was an event monitoring tool that would use samba administrative shares to pull the event logs and parse it into a Mysql or Postgresql database. It had a nice web interface with links for common event id's. The only problem I had with the system was the massive amounts of data. I was running this against 40 telecommuters at home. It would work for 2-3 weeks, then the database would need to be managed and I would just blow everything away and start fresh. After a couple of months refreshing the database, I figured that I didn't need the data that badly. -- Jeff Rasmussen GPG public key 0x9686C12F