Initial commit

[ta/infra-ansible.git] / roles / audit / templates / 10-base-config.rules.j2

diff --git a/roles/audit/templates/10-base-config.rules.j2 b/roles/audit/templates/10-base-config.rules.j2
new file mode 100644 (file)
index 0000000..8172358
--- /dev/null
+++ b/roles/audit/templates/10-base-config.rules.j2
@@ -0,0 +1,15 @@
+## First rule - delete all
+-D
+
+## Increase the buffers to survive stress events.
+## Make this bigger for busy systems
+-b 132000
+
+## This determine how long to wait in burst of events
+#--backlog_wait_time 0
+
+## Set failure mode to syslog
+-f 1
+
+## Generate unlimited audit messages per second
+-r 0