Limiting of audit records is actually done in the kernel, and
currently the rate limit applies equally[1] to all records; there is
no ability to enforce limits per-key.

One question, Paul: will it be OK if we contribute something similar to the Auditd Kernel repository?


--
Anurag Aggarwal