See https://linux.die.net/man/8/auditd.conf
Looks like you can use the log_file
option in that file to tell auditd
where to store the logs.
See https://linux.die.net/man/8/ausearch
Looks like you can use the --input-logs
option to tell ausearch
to look for logs using the location specified with log_file
in /etc/audit/auditd.conf
.