Placing "/var/log/audit" in its own partition enables better separation between audit files and other system files and helps ensure that auditing cannot be halted due to the partition running out of space.
Check
Verify Amazon Linux 2023 has a separate file system/partition created for the system audit data path with the following command:
Note: /var/log/audit is used as the example as it is a common location.
$ mount | grep /var/log/audit UUID=2efb2979-45ac-82d7-0ae632d11f51 on /var/log/home type xfs (rw,realtime,seclabel,attr2,inode64)
Fix
Configure Amazon Linux 2023 to have a separate file system/partition for the system audit data path.
Migrate the system audit data path onto a separate partition.