I have said the same thing to my boss, I wanted to use something native with Linux and not a third party application. As we progress in log management I realized Rsyslog was unable to perform some request we need and if Rsyslog was able to do what we wanted it was a pain in the @$$ to configure.
I did find some documentation about audit logs with Rsyslog. Maybe something there might help.
