audispd-plugin configuration

# cat /etc/audisp/plugins.d/idskerndsp.conf
active = yes
direction = out
path = /ux/ids/idskerndsp
type = always
args = --test
format = string

Rules Configured

# auditctl -l
LIST_RULES: exit,always syscall=open,close

Audit Status

# auditctl -s
AUDIT_STATUS: enabled=1 flag=1 pid=20358 rate_limit=0 backlog_limit=320 lost=0 backlog=0

With log_format = NOLOG and the above rule enabled for auditing, the time taken is:

real 0m16.849s
user 0m0.045s
sys 0m3.838s