Information
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-system_auditing.html
Solution
If the file exists, add a rule for it.
For example,
Add the line as below in /etc/audit/audit.rules file-
-w /usr/lib/systemd/system/docker.socket -k docker
Then, restart the audit daemon. For example,
service auditd restart
Impact-
Auditing generates quite big log files. Ensure to rotate and archive them periodically. Also, create a separate partition of audit to avoid filling root file system.
Default Value-
By default, Docker related files and directories are not audited.The file docker.socket may not be available on the system.