Hello,
I'm trying to send the audit logs on a secure RHEL 6.5 system to rsyslog. Rsyslog will
then send them to another system for centralized collection. I can't have audisp send
them directly because the connectivity is unreliable and rsyslog provides on-disk queues
for reliable delivery. I've activated the syslog plugin of audisp to do the transfer.
The problem is getting the logs transferred fast enough. The system is configured to panic
upon error (-f 2), which it does frequently when I do something like update the SELinux
RPM since watching /etc/selinux is required by the STIG.
I have the audit buffer size configured to 8192 and the audisp queue set to 120. I'm
surprised the 8192 buffer is being overwhelmed. When I look at aureport for just the time
frame of the action, I get approximately 350 events. I know that each event may have
multiple entries, but it is interesting that the capacity of a buffer over 20 times bigger
is being exceeded.
Can anyone in a similar situation share any insights? Is there a faster way to transfer
the logs rather than the audisp syslog plugin? We used to have rsyslog monitor the audit.log
file but ran into some issues when we started dealing with log file rollover. And it just
seems cleaner to send the audit logs directly.
Thanks,
Andrew Ruch
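An added illustration, not part of Andrew's post: the kernel backlog limit set with `-b` counts records, not events, and one syscall event on a watched path typically carries SYSCALL, CWD and several PATH records, so 350 events can expand several-fold. This script parses audit.log-style lines (the sample lines are constructed, not from the poster's system) and reports records per event and the largest one-second burst, which is the figure to compare against the backlog size.

```python
import re
from collections import Counter

# Constructed sample in audit.log format (not real data). Records that belong
# to the same event share the serial number inside msg=audit(TIME:SERIAL).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1400000000.101:1001): arch=c000003e syscall=2 success=yes exit=3 comm="rpm" key="selinux"
type=CWD msg=audit(1400000000.101:1001):  cwd="/root"
type=PATH msg=audit(1400000000.101:1001): item=0 name="/etc/selinux/" inode=1 dev=fd:00
type=PATH msg=audit(1400000000.101:1001): item=1 name="/etc/selinux/config" inode=2 dev=fd:00
type=SYSCALL msg=audit(1400000000.101:1002): arch=c000003e syscall=82 success=yes exit=0 comm="rpm" key="selinux"
type=CWD msg=audit(1400000000.101:1002):  cwd="/root"
type=PATH msg=audit(1400000000.101:1002): item=0 name="/etc/selinux/" inode=1 dev=fd:00
type=PATH msg=audit(1400000000.101:1002): item=1 name="/etc/selinux/config.tmp" inode=3 dev=fd:00
type=PATH msg=audit(1400000000.101:1002): item=2 name="/etc/selinux/config" inode=2 dev=fd:00
type=PATH msg=audit(1400000000.101:1002): item=3 name="/etc/selinux/config" inode=3 dev=fd:00
type=USER_CMD msg=audit(1400000001.500:1003): pid=1 uid=0 msg='cmd="yum update" terminal=pts/0 res=success'
"""

# Captures the epoch second and the event serial from msg=audit(SEC.MS:SERIAL).
MSG_RE = re.compile(r"msg=audit\((\d+)\.\d+:(\d+)\)")


def summarize(log_text):
    """Return (records, events, max_records_per_event, peak_records_per_second).

    'records' is what the kernel backlog (-b) and the audisp queue hold;
    'events' is what aureport counts, so the two can differ by a large factor.
    """
    per_event = Counter()   # serial -> number of records
    per_second = Counter()  # epoch second -> number of records
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue  # not an audit record; skip blank or foreign lines
        sec, serial = m.groups()
        per_event[serial] += 1
        per_second[sec] += 1
    records = sum(per_event.values())
    return (records, len(per_event),
            max(per_event.values(), default=0),
            max(per_second.values(), default=0))


def burst_exceeds_backlog(log_text, backlog_limit):
    """True if a single one-second burst alone would fill a backlog of this size."""
    return summarize(log_text)[3] > backlog_limit
```

Run it against a real audit.log slice from the time window of the RPM update to see how many records the 350 events actually produced.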