--- /dev/null
+## First rule - delete all
+-D
+
+## Increase the buffers to survive stress events.
+## Make this bigger for busy systems
+-b 132000
+
+## This determine how long to wait in burst of events
+#--backlog_wait_time 0
+
+## Set failure mode to syslog
+-f 1
+
+## Generate unlimited audit messages per second
+-r 0