Hello, I am writing a Puppet Module to deliver updates of audit.rules and auditd.conf configurations to RHEL6 and RHEL7 machines.

The files are laid down correctly for both RHEL6 and RHEL7 within the appropriate directories:

Anyway, the results for all RHEL7 machines (client versus Server) are perfect.  The audit.rules are all laid down as expected, and after a reboot of the system the rules are all 100% in place - just as I need.

The problem is when they are laid down on RHEL6 clients versus Servers, the behaviors are very different.

For RHEL6 clients I have the following intended rules and rules loaded into memory:

118 (-a) Action Rules in audit.rules file    118 Action Rules are loaded into memory (YAY!)
 15 (-w) Watch Rules in audit.rules file      15 Watch Rules are loaded into memory (YAY!)
133 Total Rules in audit.rules files         133 Total Rules into memory (YAY!)


For RHEL6 Server, however, I have the following results:

118 (-a) Action Rules in audit.rules file    105 Action Rules are loaded into memory (FAIL)
 15 (-w) Watch Rules in audit.rules file       0 Watch Rules are loaded into memory (HUGE FAIL)
133 Total Rules in audit.rules files         105 Total Rules into memory (YAY!)


This is really a big problem for me.  Can someone help?


--------------------------
Warron French