Can I specify my own audit file for policy monitoring?
Yes, you can use the system_audit option for that. Example SSH rule