## First rule - delete all
-D

## Increase the buffers to survive stress events.
## Make this bigger for busy systems
-b 132000

## This determines how long to wait in a burst of events
#--backlog_wait_time 0

## Set failure mode to syslog
-f 1

## Generate unlimited audit messages per second
-r 0