To configure the 'auditd' service to use the 'audispd' plugin, set the 'active' line in '/etc/audisp/plugins.d/syslog.conf' to 'yes'. Restart the 'auditd'service: '$ sudo service auditd restart' [enabled/disabled] The auditd service does not include the ability to send audit records to a centralized server for management directly. It does, however, include an audit event multiplexor plugin (audispd) to pass audit records to the local syslog server oval:org.secpod.oval:def:48883 oval:org.secpod.oval:def:48269 SCAP Repo OVAL Definition 2018-11-08