diff --git a/files/etc/audisp/audispd.conf b/files/etc/audisp/audispd.conf
index 2b6d3f6617e23300f6628d0e22252ca67a4e4e0b..c9381d98cbde3076b7013e3ac2add6c911972c9e 100644
--- a/files/etc/audisp/audispd.conf
+++ b/files/etc/audisp/audispd.conf
@@ -3,7 +3,7 @@
 # dispatcher daemon, audispd.
 #
 
-q_depth = 10000
+q_depth = 32767
 overflow_action = SYSLOG
 priority_boost = 4
 max_restarts = 10
diff --git a/files/etc/audisp/plugins.d/simplify.conf b/files/etc/audisp/plugins.d/simplify.conf
new file mode 100644
index 0000000000000000000000000000000000000000..d0cc1ec03686672c894007c5c01b31c9799a762b
--- /dev/null
+++ b/files/etc/audisp/plugins.d/simplify.conf
@@ -0,0 +1,5 @@
+active = yes
+direction = out
+path = /usr/sbin/audisp-simplify
+type = always
+format = string
diff --git a/files/etc/audit/audit.rules b/files/etc/audit/audit.rules
index e0338209959fa8cb3f623550e171931d03107e60..97591df0d7710083351e4a5d57f4e8f4c7e851cd 100644
--- a/files/etc/audit/audit.rules
+++ b/files/etc/audit/audit.rules
@@ -6,17 +6,20 @@
 
 # Increase the buffers to survive stress events.
 # Make this bigger for busy systems
--b 1024
+-b 32767
 
 # The following rules create log entries to be written whenever the
 # rmdir, unlink, execve system calls exit. This will record file
 # deletion and command line executions.
--a exit,always -F arch=b32 -S execve -k exec
--a exit,always -F arch=b64 -S execve -k exec
--a exit,always -F arch=b32 -S link -S unlink -k filewrite
--a exit,always -F arch=b64 -S link -S unlink -k filewrite
--a exit,always -F arch=b32 -S mkdir -S rmdir -k filewrite
--a exit,always -F arch=b64 -S mkdir -S rmdir -k filewrite
+-a exit,always -F arch=b32 -S execve -k EXEC
+-a exit,always -F arch=b64 -S execve -k EXEC
+-a exit,always -F arch=b64 -S bind       -k BIND       -F exit!=-2
+-a exit,always -F arch=b64 -S connect    -k CONNECT    -F exit!=-2
+-a exit,always -F arch=b32 -S socketcall -k SOCKETCALL -F exit!=-2
+-a exit,always -F arch=b32 -S link -S unlink -k FILEWRITE
+-a exit,always -F arch=b64 -S link -S unlink -k FILEWRITE
+-a exit,always -F arch=b32 -S mkdir -S rmdir -k FILEWRITE
+-a exit,always -F arch=b64 -S mkdir -S rmdir -k FILEWRITE
 
 # The following rules create log entries when the critical system 
 # files are created or deleted.
diff --git a/files/etc/newsyslog.daily/audisp-simplify b/files/etc/newsyslog.daily/audisp-simplify
new file mode 100644
index 0000000000000000000000000000000000000000..06c7610f90731b43c423a0df0700e9c29a2ec40d
--- /dev/null
+++ b/files/etc/newsyslog.daily/audisp-simplify
@@ -0,0 +1,10 @@
+# audisp-simplify -- Rotate audisp-simplify logs
+#
+set logdir  = /var/log/%n
+set save    = /var/log/OLD/%n
+
+syslog {
+   log: audisp-simplify logdir root 0 644
+
+   archive: ldap save 30
+}
diff --git a/manifests/auditd.pp b/manifests/auditd.pp
index ed5a36516fa693c7f79dc5c0590d54292f075ce1..6f36c8e4c5c98163e75730cd8000192dbbf37803 100644
--- a/manifests/auditd.pp
+++ b/manifests/auditd.pp
@@ -31,6 +31,7 @@ define audit::auditd (
   $max_log_file        = 1000,
   $max_log_file_action = 'ROTATE',
   $num_logs            = 5,
+  $simplify            = 'NONE',
   $space_left          = 5000,
   $space_left_action   = 'SYSLOG',
   $ensure
@@ -65,7 +66,7 @@ define audit::auditd (
 
       # Where to send the audit
       file {
-        '/etc/audisp/audispd.conf': 
+        '/etc/audisp/audispd.conf':
           source  => 'puppet:///modules/audit/etc/audisp/audispd.conf',
           require => Package['auditd'];
         '/etc/audisp/plugins.d/au-remote.conf':
@@ -76,13 +77,29 @@ define audit::auditd (
           require => Package['auditd'];
       }
 
+      # Test the simplification of auditd logging
+      if $simplify != 'NONE' {
+        package {
+          'stanford-auditd-tools': ensure => installed;
+        }
+        file {
+          '/etc/audisp/plugins.d/simplify.conf':
+            source  => 'puppet:///modules/audit/etc/audisp/plugins.d/simplify.conf',
+            require => Package['auditd'];
+          '/etc/newsyslog.daily/audisp-simplify':
+            mode    => 644,
+            source  => "puppet:///modules/audit/etc/newsyslog.daily/audisp-simplify",
+            require => Package['newsyslog'];
+        }
+      }
+
       # There appears to be a memory leak that is causing auditd to
       # consume swap space.  Restarting once a week fixes this.
       file { '/etc/cron.d/auditd-restart':
         ensure => present,
         source => 'puppet:///modules/audit/etc/cron.d/auditd-restart',
       }
-      
+
       # The only difference about a sink server is that it allows
       # remote connections.
       if $sink_server {