For audit, I'm being asked to provide details on whatever changes specific users make when they vi select files. I've done some reading on Solaris auditing and it sounds like the amount of information that this could generate would be insane because it would track all file writes and not just the handful of edits that happen fairly infrequently. I'm considering writing a wrapper for vi that they would use that would automatically copy the file out of place before editing and then finish by doing a diff and emailing someone the changes after they were done editing, but that'll be a pain in the nuts to force people to use and may have all kinds of issues with other commands that use vi (like hitting v while running less). Another thought was Tripwire, but I'm not all that familiar with it. I know it is supposed to be configurable to monitor select files for changes, but does anyone know if it'll actually track what those changes are?