Richard, have you thought about putting your statistic gathering wrapper is something like ld.so or libc? (assuming dynamic linking; which most OS's have now-a-days) Makes life much easier. I toyed witht the same idea but for a different purpose. I wanted a "tripwire" built into things like outgoing telnet and simple things like "ps" since we often see bad-guys running these programs. I just wanted to have a log of when user "bin" or "daemon" ran a ps(1) an ls(1) or whatever. :-) ld.so seemed like a good place since you could leave the standard programs intact, and do the info-gathering or logging from there. just a thought :-) ======================================================================= Brad Powell : brad.powell@Sun.COM | | Full Time: Sr. Network Security Analyst |Part time: Cyberspace PI ENS Network Security Group | and Consultant Sun Microsystems Inc. | ======================================================================= The views expressed are those of the author and may not reflect the views of Sun Microsystems Inc. =======================================================================