Logging to write once media is a wonderful thing...if you can get it to work. However, a file structure on WORM tends to need the ability to cache on normal disk at first in order to make a file structure. (Some work like tapes, and can be handled though.) In general sending the log down a one-way data-only pipe to, say, a PC that has no control connections on the machine logged is security wise the same thing. Even a quite old PC can be used...8088 machines, or 8086 or maybe 80286 are perfectly adequate in such an app, and dirt cheap (I see them at the dump!). On the other hand, a software WORM can be concocted also, as I pointed out in VMS Magic at DECUS maybe 4 years ago now. Just disable the delete function, and encrypt the underlying file so that one must go through the virtual disk abstraction to get at data. Someone can corrupt it (if priv'd) easily enough, but making any changes that don't leave traces can be much harder. The driver must of course check for overwrite and disallow it. I built one some years ago too; was somewhat useful as a place to put logs that could not be tracelessly tampered with. I presume such a thing could be done on other OSs, but also the less base OS security you have, the harder it is to get this sort of thing right and the easier it becomes to attack. My driver could check who was accessing it...but the infrastructure for finding this out may be lacking in more primitie OSs. Glenn Everhart