diff --git a/audit.d b/audit.d
index 46306ae..14ce734 100755
--- a/audit.d
+++ b/audit.d
@@ -266,3 +266,67 @@ audit::aue_futimes*:commit
 printf("}\n");
 comma=",";
 }
+
+tcp:::accept-established
+/(pid != $pid)
+#if !AUDIT_SSH_MORE
+ && ((execname != "sshd") || ((execname == "sshd") &&
+ (probefunc != "aue_read") && (probefunc != "aue_write") && (probefunc != "aue_mmap")))
+#endif
+/
+{
+ printf("TCP accepted a connection from %s:%d to %s:%d on UUID %U\n",
+ args[2]->ip_saddr,
+ args[4]->tcp_sport,
+ args[2]->ip_daddr,
+ args[4]->tcp_dport,
+ ((struct tcpcb *)args[3]->tcps_addr)->t_inpcb->inp_socket->so_uuid);
+}
+
+tcp:::connect-established
+/(pid != $pid)
+#if !AUDIT_SSH_MORE
+ && ((execname != "sshd") || ((execname == "sshd") &&
+ (probefunc != "aue_read") && (probefunc != "aue_write") && (probefunc != "aue_mmap")))
+#endif
+/
+{
+ printf("TCP established a connection to %s:%d from %s:%d on UUID %U\n",
+ args[2]->ip_saddr,
+ args[4]->tcp_sport,
+ args[2]->ip_daddr,
+ args[4]->tcp_dport,
+ ((struct tcpcb *)args[3]->tcps_addr)->t_inpcb->inp_socket->so_uuid);
+}
+
+udp:::send
+/(pid != $pid)
+#if !AUDIT_SSH_MORE
+ && ((execname != "sshd") || ((execname == "sshd") &&
+ (probefunc != "aue_read") && (probefunc != "aue_write") && (probefunc != "aue_mmap")))
+#endif
+/
+{
+ printf("UDP sent data to %s:%d from %s:%d on UUID %U\n",
+ args[2]->ip_daddr,
+ args[4]->udp_dport,
+ args[2]->ip_saddr,
+ args[4]->udp_sport,
+ ((struct inpcb *)args[3]->udps_addr)->inp_socket->so_uuid);
+}
+
+udp:::receive
+/(pid != $pid)
+#if !AUDIT_SSH_MORE
+ && ((execname != "sshd") || ((execname == "sshd") &&
+ (probefunc != "aue_read") && (probefunc != "aue_write") && (probefunc != "aue_mmap")))
+#endif
+/
+{
+ printf("UDP received data from %s:%d to %s:%d on UUID %U\n",
+ args[2]->ip_saddr,
+ args[4]->udp_sport,
+ args[2]->ip_daddr,
+ args[4]->udp_dport,
+ ((struct inpcb *)args[3]->udps_addr)->inp_socket->so_uuid);
+}
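Review bot: The four new network probes print free-form sentences ("TCP accepted a connection from …") while the context lines at the top of the hunk (`printf("}\n"); comma=",";`) show the rest of audit.d emitting comma-separated JSON records, so a consumer that parses the stream as JSON will break on these lines; emitting them as JSON objects with the same framing and a matching `event`/`time`/`pid`/`exec` set plus the address, port and UUID fields keeps the audit stream uniformly machine-readable. The sshd clause in each predicate compares `probefunc` against audit event names (`aue_read`, `aue_write`, `aue_mmap`), but for `tcp:::` and `udp:::` probes `probefunc` is the function component of the firing probe and never an audit event name, so that branch is always true and the `#if !AUDIT_SSH_MORE` block filters nothing here; either drop it from these probes or hoist the repeated predicate into a single `#define` so the intent is stated once instead of four times. The `((struct tcpcb *)args[3]->tcps_addr)->t_inpcb->inp_socket->so_uuid` chain (and the `inpcb` equivalent in the UDP probes) walks kernel pointers with no guard; DTrace turns a bad dereference into an invalid-address fault and a dropped record rather than a panic, but a comment stating that `so_uuid` and the `%U` conversion presumably come from this project's patched kernel rather than stock DTrace would tell the reader why the script fails to compile elsewhere — confirm.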
diff --git a/openclose.d b/openclose.d
new file mode 100755
index 0000000..ad44fef
--- /dev/null
+++ b/openclose.d
@@ -0,0 +1,28 @@
+#!/usr/sbin/dtrace -s
+/*
+ * Test only the open() and close() system call's use of the
+ * fi_pathname member of the fds[] array.
+ *
+ * Usage: openclose.d (either sudo or as root)
+ */
+
+#pragma D option quiet
+#pragma D option switchrate=100hz
+#pragma D option dynvarsize=16m
+#pragma D option bufsize=16m
+#pragma D option strsize=1024
+
+syscall::open:return
+/pid != $pid/
+{
+ printf("{\"event\": \"%s:%s:%s:\", \"time\": %d, \"pid\": %d, \"ppid\": %d, \"tid\": %d, \"uid\": %d, \"exec\": \"%s\", \"dir\": \"%s\",\"path\": \"%s\", \"fd\": %d }\n",
+ probeprov, probemod, probefunc, walltimestamp, pid, ppid, tid, uid, execname, fds[arg1].fi_dirname, fds[arg1].fi_pathname, arg1);
+}
+
+
+syscall::close:entry
+/pid != $pid/
+{
+ printf("{\"event\": \"%s:%s:%s:\", \"time\": %d, \"pid\": %d, \"ppid\": %d, \"tid\": %d, \"uid\": %d, \"exec\": \"%s\", \"dir\": \"%s\",\"path\": \"%s\", \"fd\": %d }\n",
+ probeprov, probemod, probefunc, walltimestamp, pid, ppid, tid, uid, execname, fds[arg0].fi_dirname, fds[arg0].fi_pathname, arg0);
+}
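Review bot: The `syscall::open:return` probe indexes `fds[arg1]` without checking that the call succeeded, so a failed open() still emits a record whose `fd`, `dir` and `path` fields are meaningless; tightening the predicate to `/pid != $pid && errno == 0/` drops those, and the header comment should say which of arg0/arg1 carries the new descriptor on this platform, since the close probe reads arg0 while the open probe reads arg1 and nothing explains the difference. The `fi_dirname` and `fi_pathname` strings are interpolated into `\"%s\"` with no escaping, and filenames may contain `"`, `\` or a newline, so one such path breaks the JSON framing of its record and can run it into the next; DTrace offers no escaping helper, so at minimum the header comment should state that the output is best-effort line-oriented JSON whose path fields must be treated as untrusted by whatever consumes it. Since `strsize=1024` caps every string, paths at or beyond that length are silently truncated, which is worth a sentence in the same comment.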