You can also use the 'guiSvrcli.sh' script to export the audit logs to csv as well as syslog server along with following filters;
--export_audit_log This command exports audit logs to a CSV file | syslog server --filter This parameter enables filter option for auditlog --admin filter on admin name --device filter on device name --action-field filter on type of action --domain filter on login domain --time filter on time --target filter on target object
--action This parameter specifies which action the system should execute for each matching log --csv This parameter directs the system to output logs using the comma-separated variable format. The value must be a file name. --syslogs This parameter directs the system to send log to a syslog server. The value must be encoded as [IP|FQDN].
Then you can try and test with the "--time" parameter. Normally it is used to specify the definite time and not realtime,.
This is not QA tested hence cannot comment.
Regards -Animesh If this worked for you please flag my post as an "Accepted Solution" so others can be benefited.