Sysadmins use audits to discover security violations and track security-relevant information on their systems. Based on preconfigured rules and properties, the audit daemon (auditd) generates log entries to record information about the events happening on the system. Administrators use this information to analyze what went wrong with the security policies and improve them further by taking additional measures.

Source: LXer – Configure Linux system auditing with auditd