Hi,
I have some quite busy hosts that emit the following errors when I
request that the audit log file be rolled over (via a kill -s USR1
auditdpid).

    Error receiving audit netlink packet(No buffer space available)
    Error sending signal_info request (No buffer space available)

From reading earlier posts (circa 2009) it would appear my options are:

  a. Increase backlog buffer (currently 32768)
  b. Increase priority_boost (currently 4)
  c. Reduce the number of log files (currently 9)

Does anyone have a feel for which of the above should offer the best
return?
Are there other configuration parameters I could adjust (aside from
changing my ruleset in audit.rules)?
Thanks in advance
Burn