Dr. Cohen, I think this product may be the type you're looking for. It's called Audit Trail Analysis by Rascal-Guardata. Here's some information from the product description: - Audit Trail Analysis takes input from any security log, and translates the data into standard format. It understands the logs of all the major computer manufacturers (IBM, Unisys, Tandem, DEC, ICL, and more. - The translated audit trails are loaded into its integrated relational data base, creating a single coordinated file. - The next stage of the process is the analysis of that single log against a set of security rules. These rules represent many man-years experience of computer security. The rules define certain combinations of circumstances that may indicate breaches of security. The combination of rules to be applied may be changed by the controller to map onto a specific security policy. - For operational security, the system is stored and run in an independent computer. It operates on any UNIX hardware that supports Nexpert Object. It uses ORACLE as its relational database. Rule Base development using C, OSF/Mitif and Nexpert Object. For more information, such as pricing, contact Anthony C. Priest, General Sales Manager, System Security Division. 480 Spring Park Place - Suite 900, Herndon, Virginia 22070. Telephone (703) 471-0892. I have never used or seen this product in action but it certainly sounds interesting. I'd appreciate hearing your feedback on anything you find out. Regards, Nick Di Giovanni IS Audit Manager Rutgers University