> Is there some redundancy between Audit and SystemTap ?
Sure. Other than logistical (installation) issues though,
there is the potential for more interesting differences.
Audit is a single system-wide facility, so only a single
configuration (set of trace points) can be active at a time.
Systemtap is per-session, so many different probing sessions
collecting different sorts of data can run at the same time.
Mortadelo represents only a basic use of systemtap at the
present (an unconditional trace record for a bunch of
systemcalls, system-wide). It could do something richer,
like dynamically adjusting the target process/syscall list
to reduce trace data quantity (-> improve performance, reduce
system impact); to encode user-specified filters; to change
these even during systemtap probe run-time using a /proc file