Zabbix Trigger for SELinux (type=AVC) Errors
Posted by Kevin Soviero on Server Fault
Published on 2013-04-20T20:30:20Z
Indexed on 2013/11/09 4:01 UTC
I would like to create a trigger in Zabbix to alert me anytime a type=AVC error appears in a CentOS 6 server's /var/log/audit/audit.log file.
I've already tried creating a basic log scrape. E.g.:
log[/var/log/audit/audit.log,type=AVC,"UTF-8",100]
However, it does not work. I believe this is due to the /var/log/audit/audit.log and its parent folder using the following permissions:
drwxr-x---. 2 root root 4096 Apr 20 04:29 .
drwxr-xr-x. 13 root root 4096 Apr 14 12:07 ..
-rw-------. 1 root root 5948185 Apr 20 15:27 audit.log
-r--------. 1 root root 6291566 Apr 20 04:29 audit.log.1
-r--------. 1 root root 6291704 Apr 19 16:56 audit.log.2
-r--------. 1 root root 6291499 Apr 19 05:22 audit.log.3
-r--------. 1 root root 6291552 Apr 18 17:48 audit.log.4
I would prefer not to change the permissions for security reasons.
Has anyone done log monitoring of /var/log/audit/audit.log using Zabbix? And if so, how?
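Added example, not part of the original post: a parser for the type=AVC records the question wants to alert on, returning only denials newer than a saved (timestamp, serial) position. The sample lines are constructed, and running it from a root-owned job that passes the monitoring agent only the result (so audit.log keeps its permissions) is an assumption, not something the post describes.

```python
import re

# Record layout written by auditd:
# type=AVC msg=audit(<epoch>.<ms>:<serial>): avc:  denied  { <perms> } for  key=value ...
AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{ (?P<perms>[^}]*) \}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else "?"

def parse_avc(line):
    """Parse one audit.log line; return a dict for AVC records, else None."""
    m = AVC_RE.match(line)
    if m is None:
        return None  # other record types and truncated lines are skipped
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
    return {
        # The serial restarts after a reboot, so the timestamp is compared first.
        "cursor": (float(m.group("ts")), int(m.group("serial"))),
        "result": m.group("result"),
        "perms": m.group("perms").split(),
        "comm": fields.get("comm", "?"),
        "source_type": selinux_type(fields.get("scontext", "")),
        "target_type": selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass", "?"),
    }

def denials_since(lines, cursor=(0.0, 0)):
    """Denied AVC records newer than cursor, a (timestamp, serial) pair."""
    recs = (parse_avc(line) for line in lines)
    return [r for r in recs if r and r["result"] == "denied" and r["cursor"] > cursor]

# Constructed sample lines, not taken from the post.
SAMPLE = [
    'type=SYSCALL msg=audit(1366489647.123:4567): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"',
    'type=AVC msg=audit(1366489647.123:4567): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev=dm-0 ino=12345 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=AVC msg=audit(1366489701.456:4580): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=5432 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1366489702.000:4581): avc:  granted  { setenforce } for  pid=2001 comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=security',
    'type=AVC msg=audit(1366489703.000:4582): avc:  den',  # truncated write
]

if __name__ == "__main__":
    for r in denials_since(SAMPLE):
        print(r["comm"], r["source_type"], "->", r["target_type"], r["tclass"], r["perms"])
```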
© Server Fault or respective owner