> The main (& the HUGEST)  bad changes in report was tat I
> CAN'T know from it what it WAS & what it NOW. I _NEED_ this information for
> all parameters set to be checked.

Maybe I misunderstand you Olli, but here is an excerpt from a 2.3 report:

  Property:            Expected                    Observed   
  -------------        -----------                 -----------
  Object Type          Regular File                Regular File
  Device Number        769                         769  
  Inode Number         104008                      104008
  Mode                 -rwxr-xr-x                  -rwxr-xr-x
  Num Links            1                           1
  UID                  0                           0  
  GID                  0                           0  
* Size                 1151                        1316
* Modify Time          Thu Feb 15 13:47:41 2001    Mon Apr  9 06:05:32 2001
  Blocks               4                           4
* CRC32                DSBqPk                      AwneSj
* MD5                  B9C6iM+h+k7koU+m6zwtpt      D/jgBrXJwzYnwxmq9CJP1j

It clearly shows what the properties were (Expected), and what they are now (observed),
and marks the changed ones with an '*' to highlight them. Is this not what you are asking
for above?

> What da hell means /bin/ls has changed? What of MANY
> parameters changed. & HOW them where changed. :? I've some scripts running from

I am beginning to think you have your report level set at something below 3. You need
to add to your config file:

EMAILREPORTLEVEL = 4

and I think you will get a lot more information (too much according to some <cough><g>).

> These new reports are USELESS. I decided to remove tripwire
> because old one with fine reports has bugs with non-"C"-locale-based file
> names & the new one is just a WASTE of CPU cicles & human reading time.

With all due respect, that is really just plain silly. I mean, come on. You are going
to compromise you system security policy because the reports are a little _too_ verbose?

I really think if you explore the EMAILREPORTLEVEL values from 0 to 4 you will find one
that you can live with until Gary and I come up with something better, and in the meantime
at least your system(s) are more secure for having tripwire running on them.

rjf&