To configure the 'auditd' service to use the
'audispd' plugin, set the 'active' line in
'/etc/audisp/plugins.d/syslog.conf' to 'yes'.
Restart the 'auditd'service:
'$ sudo service auditd restart'
[enabled/disabled]
The auditd service does not include the ability to send audit
records to a centralized server for management directly. It does, however,
include an audit event multiplexor plugin (audispd) to pass audit records
to the local syslog server
oval:org.secpod.oval:def:48883
oval:org.secpod.oval:def:48269
SCAP Repo OVAL Definition
2018-11-08