To configure the 'auditd' service to use the 'audispd' plugin, set the 'active' line in '/etc/audisp/plugins.d/syslog.conf' to 'yes'. Restart the 'auditd'service: '$ sudo service auditd restart'

[enabled/disabled]

The auditd service does not include the ability to send audit records to a centralized server for management directly. It does, however, include an audit event multiplexor plugin (audispd) to pass audit records to the local syslog server