diff --git a/audit-1.7.3-prelude.patch b/audit-1.7.3-prelude.patch index 1922001..fcb8166 100644 --- a/audit-1.7.3-prelude.patch +++ b/audit-1.7.3-prelude.patch @@ -1,6 +1,6 @@ diff -urp audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c --- audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c 2008-04-07 16:57:12.000000000 -0400 -+++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c 2008-04-17 16:27:51.000000000 -0400 ++++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c 2008-04-18 14:23:06.000000000 -0400 @@ -228,7 +228,8 @@ int main(int argc, char *argv[]) return -1; } 
@@ -23,11 +23,92 @@ diff -urp audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c audit-1.7.2/a /* Cleanup subsystems */ if (client) -@@ -1938,6 +1940,7 @@ static void handle_event(auparse_state_t - break; - case AUDIT_SYSCALL: - handle_watched_syscalls(au, &idmef, &alert); -+ goto_record_type(au, AUDIT_SYSCALL); - break; - default: - break; +@@ -609,7 +611,7 @@ static int get_login_exe_info(auparse_st + base = basename(exe); + ret = prelude_string_new(&name_str); + PRELUDE_FAIL_CHECK; +- ret = prelude_string_set_ref(name_str, base); ++ ret = prelude_string_set_dup(name_str, base); + PRELUDE_FAIL_CHECK; + idmef_process_set_name(process, name_str); + } +@@ -708,7 +710,7 @@ static int get_comm_info(auparse_state_t + char *base = basename(exe); + ret = prelude_string_new(&name_str); + PRELUDE_FAIL_CHECK; +- ret = prelude_string_set_ref(name_str, base); ++ ret = prelude_string_set_dup(name_str, base); + idmef_process_set_name(process, name_str); + } + } +@@ -760,7 +762,7 @@ static int get_file_info(auparse_state_t + ret = prelude_string_new(&str); + PRELUDE_FAIL_CHECK; + +- ret = prelude_string_set_ref(str, path); ++ ret = prelude_string_set_dup(str, path); + PRELUDE_FAIL_CHECK; + if (path[0] == '/') { + char *base; +@@ -772,7 +774,7 @@ static int get_file_info(auparse_state_t + base = "/"; + ret = prelude_string_new(&name_str); + PRELUDE_FAIL_CHECK; +- ret = prelude_string_set_ref(name_str, base); ++ ret = prelude_string_set_dup(name_str, base); + PRELUDE_FAIL_CHECK; + idmef_file_set_name(file, name_str); + } else +@@ -1811,7 +1813,7 @@ static void handle_event(auparse_state_t + rc = 0; + switch (type) { + case AUDIT_AVC: +- case AUDIT_USER_AVC: ++// case AUDIT_USER_AVC: + if (config.avcs == E_NO) + break; + if (config.avcs_act != A_IDMEF) +diff -urp audit-1.7.2.orig/auparse/auparse.c audit-1.7.2/auparse/auparse.c +--- audit-1.7.2.orig/auparse/auparse.c 2008-04-08 12:37:09.000000000 -0400 ++++ audit-1.7.2/auparse/auparse.c 2008-04-18 14:10:36.000000000 -0400 +@@ 
-1130,6 +1130,7 @@ int auparse_first_record(auparse_state_t + return rc; + } + aup_list_first(&au->le); ++ aup_list_first_field(&au->le); + + return 1; + } +@@ -1236,7 +1237,22 @@ const char *auparse_find_field(auparse_s + { + free(au->find_field); + au->find_field = strdup(name); +- return auparse_find_field_next(au); ++ ++ if (au->le.e.sec) { ++ const char *cur_name; ++ rnode *r; ++ ++ // look at current record before moving ++ r = aup_list_get_cur(&au->le); ++ if (r == NULL) ++ return NULL; ++ cur_name = nvlist_get_cur_name(&r->nv); ++ if (cur_name && strcmp(cur_name, name) == 0) ++ return nvlist_get_cur_val(&r->nv); ++ ++ return auparse_find_field_next(au); ++ } ++ return NULL; + } + + /* Increment 1 location and then scan for next field */ +@@ -1258,6 +1274,8 @@ const char *auparse_find_field_next(aupa + if (nvlist_find_name(&r->nv, au->find_field)) + return nvlist_get_cur_val(&r->nv); + r = aup_list_next(&au->le); ++ if (r) ++ aup_list_first_field(&au->le); + } + } + return NULL; diff --git a/audit.spec b/audit.spec index 3627b62..db4c1a7 100644 --- a/audit.spec +++ b/audit.spec @@ -269,6 +269,7 @@ fi %attr(644,root,root) %{_mandir}/man8/ausearch.8.gz %attr(644,root,root) %{_mandir}/man8/autrace.8.gz %attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz +%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz %attr(750,root,root) /sbin/auditctl @@ -277,7 +278,8 @@ fi %attr(755,root,root) /sbin/aureport %attr(750,root,root) /sbin/autrace %attr(750,root,root) /sbin/audispd -%attr(750,root,root) /sbin/aulastlog +%attr(750,root,root) %{_bindir}/aulastlog +%attr(755,root,root) %{_bindir}/ausyscall %attr(755,root,root) /etc/rc.d/init.d/auditd %attr(750,root,root) %{_var}/log/audit %attr(750,root,root) %dir /etc/audit
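Review bot: In the get_comm_info hunk the new `ret = prelude_string_set_dup(name_str, base);` is followed directly by `idmef_process_set_name(process, name_str);` with no `PRELUDE_FAIL_CHECK;`, while the three parallel set_dup sites in get_login_exe_info and get_file_info do check it; set_dup presumably allocates a copy (the reason for dropping set_ref), so this is the one copy whose failure goes unnoticed. Add `PRELUDE_FAIL_CHECK;` after that call to match the other sites. Separately, `// case AUDIT_USER_AVC:` in handle_event silently stops IDMEF alerting for user-space AVC records by commenting the label out; either delete the line or add a comment such as `/* AUDIT_USER_AVC intentionally not forwarded: <reason> */` so the detection gap is documented rather than looking like a leftover. All enclosing functions in this hunk start and end outside it.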