boot message "failed to start security services" (auditd) - OK to enable?

English Install/Boot/Login
#1

Boot console list this error: “failed to start security services”

From https://lists.opensuse.org/opensuse-bugs/2016-05/msg02279.html this was due to missing /var/log/audit folder, giving an error when running:

# auditd -f
Config file /etc/audit/auditd.conf opened for parsing
log_file_parser called with: /var/log/audit/audit.log
Could not open dir /var/log/audit (No such file or directory)
The audit daemon is exiting.

After creating the folder with 640 permissions it works:

# auditd -f
Config file /etc/audit/auditd.conf opened for parsing
log_file_parser called with: /var/log/audit/audit.log
log_format_parser called with: RAW
log_group_parser called with: root
priority_boost_parser called with: 4
flush_parser called with: INCREMENTAL
freq_parser called with: 20
num_logs_parser called with: 5
qos_parser called with: lossy
dispatch_parser called with: /sbin/audispd
name_format_parser called with: NONE
max_log_size_parser called with: 6
max_log_size_action_parser called with: ROTATE
space_left_parser called with: 75
space_action_parser called with: SYSLOG
action_mail_acct_parser called with: root
admin_space_left_parser called with: 50
admin_space_left_action_parser called with: SUSPEND
disk_full_action_parser called with: SUSPEND
disk_error_action_parser called with: SUSPEND
tcp_listen_queue_parser called with: 5
tcp_max_per_addr_parser called with: 1
tcp_client_max_idle_parser called with: 0
Started dispatcher: /sbin/audispd pid: 5604
type=DAEMON_START msg=audit(1519173689.827:4634): auditd start, ver=2.3.6 format=raw kernel=4.4.114-42-default auid=1000 pid=5602 subj=unconfined  res=success
config_manager init complete
Init complete, auditd 2.3.6 listening for events (startup state enable)
type=USER_ACCT msg=audit(1519173901.967:50): pid=6218 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_listfile acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1519173901.967:51): pid=6218 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1519173901.967:52): pid=6218 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=2 res=1                                           
type=USER_ACCT msg=audit(1519173902.003:53): pid=6219 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'                                                                                                
type=USER_START msg=audit(1519173902.003:54): pid=6219 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_limits,pam_unix,pam_umask,pam_systemd,pam_gnome_keyring,pam_env acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_START msg=audit(1519173902.031:55): pid=6218 uid=0 auid=0 ses=2 msg='op=PAM:session_open grantors=pam_loginuid,pam_limits,pam_unix,pam_umask,pam_systemd,pam_gnome_keyring,pam_env acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1519173902.031:56): pid=6218 uid=0 auid=0 ses=2 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1519173902.063:57): pid=6218 uid=0 auid=0 ses=2 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1519173902.063:58): pid=6218 uid=0 auid=0 ses=2 msg='op=PAM:session_close grantors=pam_loginuid,pam_limits,pam_unix,pam_umask,pam_systemd,pam_gnome_keyring,pam_env acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1519173902.083:59): pid=6224 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_close grantors=pam_selinux,pam_selinux,pam_limits,pam_unix,pam_umask,pam_systemd,pam_gnome_keyring,pam_env acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

And a 0-byte /var/log/audit/audit.log file is created.

My question is if there is any adverse consequence in enabling it, if it is unnecessary (perhaps redundant with SELinux) or if the missing folder is just an installation glitch.

TIA

#2

I mean AppArmor, sorry.