We have a high speed guard product that we are using on a set of Linux servers. I've placed an LEM agent on the Linux Red Hat server head node and set up auditd collectors for /var/log/secure, /var/log/messages, and /var/log/audit.log for the host itself. The program developers want to place logs from the other RHEL servers onto a directory under the /opt/ drive. My question is: if I set up an auditd connector to this directory to pull *.log, will it collect those logs?
In theory, I don't see why this wouldn't work as long as the logs are in the format that the agent can normalize.
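
A pre-check for the format condition mentioned in the reply, as an added example that is not part of the original thread and is not the LEM agent's own logic: it reports, per `*.log` file, how many lines look like native auditd records. The regex approximates the raw audit.log record layout (including the `node=` prefix auditd adds when `name_format` is set); the function names, file names and sample lines are constructed for illustration.

```shell
# ERE for a raw auditd record; bracket expressions avoid backslash
# handling differences when the pattern is passed to awk with -v.
AUDIT_RE='^(node=[^ ]+ )?type=[A-Z0-9_]+ msg=audit[(][0-9]+[.][0-9]+:[0-9]+[)]:'

# Print "<matching> <total>" for one file (blank lines are ignored).
audit_line_counts() {
    awk -v re="$AUDIT_RE" '
        NF == 0 { next }
        { total++ }
        $0 ~ re { ok++ }
        END { printf "%d %d\n", ok, total }
    ' "$1"
}

# Classify every *.log in a directory: OK, MIXED, NONE or EMPTY.
check_log_dir() {
    for f in "$1"/*.log; do
        [ -f "$f" ] || continue
        counts=$(audit_line_counts "$f")
        ok=${counts% *}; total=${counts#* }
        if [ "$total" -eq 0 ]; then verdict=EMPTY
        elif [ "$ok" -eq "$total" ]; then verdict=OK
        elif [ "$ok" -eq 0 ]; then verdict=NONE
        else verdict=MIXED
        fi
        printf '%s %s %s/%s\n' "$verdict" "${f##*/}" "$ok" "$total"
    done
}

# Constructed sample data (assumed contents, not from the thread).
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/node1.log" <<'EOF'
type=USER_AUTH msg=audit(1700000000.123:101): pid=2211 uid=0 auid=1000 res=success
node=node2 type=SYSCALL msg=audit(1700000001.456:102): arch=c000003e syscall=2 success=yes exit=3
EOF
    cat > "$d/app.log" <<'EOF'
2023-11-14 22:13:20 INFO guard started
2023-11-14 22:13:21 WARN queue depth 512
EOF
    cat > "$d/mixed.log" <<'EOF'
type=CRED_ACQ msg=audit(1700000002.789:103): pid=2211 uid=0 res=success
Nov 14 22:13:22 node3 sshd[991]: Accepted publickey for bob
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample_dir); check_log_dir "$sample"; rm -rf "$sample"
```

Files reported as NONE or MIXED contain lines that are not raw audit records, so they are the ones to examine before pointing an auditd connector at the directory.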