All audit directories must be group-owned by root. By default, the path for the audit log is /var/log/audit/.
To properly set the group owner of /var/log/audit, run the command:
$ sudo chgrp root /var/log/audit
If log_group in /etc/audit/auditd.conf is set to a group other than the root group account, change the group ownership of the audit directories to this specific group.
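
One way to check this rule, including the log_group exception, as an added example that is not part of the original rule text. The function names are hypothetical, GNU stat is assumed, and root is assumed as the expected group when log_group is not set.

```shell
#!/bin/sh
# Added example: verify group ownership of the audit directory against
# the group auditd is configured to use. Function names are hypothetical.

# Print the group named by log_group in the given auditd.conf.
# Assumption: when log_group is absent (or the file is unreadable),
# root is expected, which is auditd's documented default.
expected_audit_group() {
    conf=$1
    grp=$(awk -F= '
        /^[ \t]*#/ { next }                       # skip comment lines
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == "log_group" { val = $2; gsub(/[ \t]/, "", val); found = val }
        END { print found }' "$conf" 2>/dev/null)
    echo "${grp:-root}"
}

# Compare the directory's group owner with the expected group.
# Returns 0 on match, 1 on mismatch, 2 if the directory cannot be read.
check_audit_dir_group() {
    dir=${1:-/var/log/audit}
    conf=${2:-/etc/audit/auditd.conf}
    want=$(expected_audit_group "$conf")
    have=$(stat -c '%G' "$dir") || return 2
    if [ "$have" = "$want" ]; then
        echo "PASS: $dir is group-owned by $want"
    else
        echo "FAIL: $dir is group-owned by $have, expected $want"
        echo "  fix: sudo chgrp $want $dir"
        return 1
    fi
}

# Usage: check_audit_dir_group /var/log/audit /etc/audit/auditd.conf
```

Called with no arguments, check_audit_dir_group uses the default paths named above.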