Auditing system events can be construed as a daunting, tedious, and intimidating task. The enablement of advanced audit policy configuration is often necessary to log the successes and failures required to identify unauthorized and malicious activity. Configuring a system accordingly results in numerous events, many of which may very well be the outcome of everyday normal activity. So how does one manage?