There has been some more clarifications on the subject since last time. I've got an on premise management handling the AWS/Assure FWs. I know logs are pushed to the management by default.
How do we manage the /var/log/audit/audit.log?
I was thinking utilizing log exporter to copy the data to an on premise log server as a solution. Don't know if this is the only option. We are trying to minimize any future issues related to internal audits.