This article describes a scenario where very large log files are getting created by the Centrify DirectAuthorize agent.
This is correct setting the log to Warn will only collect events that are warning or higher. Info messages should not be collected.
From Further looking into the audittrail.targets parameter you will need to set that to "1" if you want audit data sent to the collectors.
There may be an issue as you reported that you are using 5.1.2 and this audittrail.targets functionality shows as being available starting in 5.1.3.
Please test this on 1 5.1.2 system to see if this will work for you.
Here is the explanation of audtitrail.targets parameter:
This configuration parameter specifies the target for audit trail information. Possible settings are:
0 - Audit information is not sent.
1 - Audit information is sent to DirectAudit. This capability is supported by DirectAudit version 3.2 and later.
2 - Audit information is sent to the local logging facility (syslog on UNIX systems, Windows event log on Windows systems).
3 - Audit information is sent to both DirectAudit and the local logging facility. If DirectAudit 3.2 or later is installed, the default value is 3 (local logging facility and DirectAudit). Otherwise, the default value is 2 (local logging facility only).