However, my suggestion is to ship the audit logs out to log collector rather than using files. Graylog, Splunk, etc… will make your life a lot easier when you need to parse the audit files.
However, my suggestion is to ship the audit logs out to log collector rather than using files. Graylog, Splunk, etc… will make your life a lot easier when you need to parse the audit files.