The Linux-Auditing system can transfer audit records off the system and store them on a remote server. This article shows how to encrypt the transfer and how to authenticate the remote system where the audit records are stored.
As a first step, please make sure unsecure remote auditd logging is configured and works as described in this KCS:
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.