We also have here centralized the normal system logs, and those are handled with RSyslog, as they sould be ;-), in separate files, rotated, & ...
But the recommendation for the audit logs is that they should be not passed through "third party" programs ran in user space... So that's why the audit daemons talk directly with the "central" auditD daemon, which throws everything in a single file [there is no configuration option in auditD to separate the files].
But it seams, that Doksu's solution is working 😉
Thanks
... View more