Setup CENTOS Centralized AUDIT and RSYSLOG server
Posted by Warron.French on Server Fault
Published on 2014-06-04T15:22:47Z
Indexed on 2014/06/04 15:27 UTC
Attempting to use these links: Sending audit logs to SYSLOG server or http://wiki.rsyslog.com/index.php/Centralizing_the_audit_log
I have been unable to get centralized AUDIT logging to work on my ALL-CentOS network environment. I have 6 workstations, dt1...dt6; the log files are not generated at all, and I cannot tell if the messages are being sent from these workstations (dt1...dt6) over to the server (srv1).
I have configured the rsyslog.conf on the workstations as shown in the link: Sending audit logs to SYSLOG server, and added the additional touches for generating the logfiles into a separate directory per YEAR/MONTH/DAY (using proper syntax) and into separate HOSTNAME-based_audit.log files.
Note: RSYSLOG messaging does appear to work from the workstations over to the server, but the audit logging portion is not working.
I am running CentOS-6.5 with RPMs: audit-2.2-4.el6_5.x86_64, audit-libs-2.2-4.el6_5.x86_64, and rsyslog-5.8.10-8.el6.x86_64.
I have gotten zero responses from wiki.rsyslog.com and really need this to work.
If needed I can send files of one of my workstations and the server to aid in the process.
Thanks, Warron