Ubuntu 22.04 Inspect the contents of /etc/audit/rules.d/10-base-config.rules /etc/audit/rules.d/10-base-config.rules ^.*$ 1 ## First rule - delete all -D ## Increase the buffers to survive stress events. ## Make this bigger for busy systems -b 8192 ## This determine how long to wait in burst of events --backlog_wait_time 60000 ## Set failure mode to syslog -f 1