Hi colleagues, I need help. When I add --audit_allow_config=true I begin to get a socket_events and everything is ok, but all network logs are copying to /var/log/auth.log and this log is too big. When I remove this flag, I not get the socket events... Can I turn on the socket event without cloning these logs to /var/log/auth.log ? Many thanks for considering my request.