auditing audispd vs kubernetes daemonsets

Hello, In the midst of discussing sending audit logs from a Red Hat CoreOS node to some central audit collection and evaluation tool, the question came up about using audispd instead of Daemonsets. Daemonsets are what is planned for OpenShift. As I understand it, the general principle is to allow auditing to flow through the subsystem, but does it need to flow through the entire auditing workflow? Can a Daemonset be used instead of audispd, or are there reasons audispd should be used over a Daemonset that some of us just aren't aware of? Thanks, Gabriel Alford Member of the technical staff office of the chief technologist red hat Public Sector Red Hat <https://www.redhat.com> ralford(a)redhat.com T: 972-707-6483 <650-254-4391> M: 303-550-7234 <https://red.ht/sig> <https://red.ht/sig>