The 'auditd' service can be configured to send email to a designated account in certain situations. Add or correct the following line in '/etc/audit/auditd.conf' to ensure that administrators are notified via email for those situations: 'action_mail_acct = root'

[root/admin]

Email sent to the root account is typically aliased to the administrators of the system, who can take appropriate action.