  • Audisp is flooding /var/log/messages and trying to fix it

    I'm upgrading from syslog to rsyslog in order to clean up logging. I've noticed that Audispd was flooding /var/log/messages with the following:

    2015-12-23T08:33:46.370297-06:00 ameda4aisrx0238 audisp-remote: queue is full - dropping event
    

    Under /etc/audisp/audispd.conf, I've changed the overflow_action from SYSLOG to SUSPEND, since I don't see a STIG pertaining to it:

    q_depth = 2048
    overflow_action = SUSPEND
    priority_boost = 8
    max_restarts = 10
    name_format = HOSTNAME
    #name = mydomain
    

    That seemed to fix it for about 1 minute and then it was back to what it was.

    I've read that q_depth could be increased to handle this since the logging can't keep up. The man page doesn't have a recommendation for a size or a best practice, so I'm wondering what would be a good number to set it to or see what others have done to fix this.

    thanks
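
One way to see whether the drops described in the post above arrive in short bursts or continuously is to count the `queue is full - dropping event` lines per host and per minute. This is an added example, not part of the original post; the function names, the hosts `host01`/`host02` and the sample lines are constructed, and the timestamp layout is assumed to match the log line quoted above.

```python
import re
from collections import Counter

# Matches the rsyslog line layout quoted in the post:
# <RFC 3339 timestamp> <host> audisp-remote: queue is full - dropping event
DROP_RE = re.compile(
    r"^(?P<minute>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}\S*\s+"
    r"(?P<host>\S+)\s+audisp-remote: queue is full - dropping event\s*$"
)

# Constructed sample input (not taken from a real system).
SAMPLE = """\
2015-12-23T08:33:46.370297-06:00 host01 audisp-remote: queue is full - dropping event
2015-12-23T08:33:46.370912-06:00 host01 audisp-remote: queue is full - dropping event
2015-12-23T08:33:59.001100-06:00 host01 audisp-remote: queue is full - dropping event
2015-12-23T08:34:02.114530-06:00 host01 audisp-remote: queue is full - dropping event
2015-12-23T08:34:05.000000-06:00 host01 sshd[1234]: Accepted publickey for admin
2015-12-23T08:36:10.250000-06:00 host02 audisp-remote: queue is full - dropping event
"""

def drops_per_minute(lines):
    """Count dropped-event messages keyed by (host, 'YYYY-MM-DDTHH:MM')."""
    counts = Counter()
    for line in lines:
        m = DROP_RE.match(line.strip())
        if m:
            counts[(m.group("host"), m.group("minute"))] += 1
    return counts

def summarize(counts):
    """Per host: total drops, minutes with drops, and the worst minute."""
    summary = {}
    for (host, minute), n in sorted(counts.items()):
        s = summary.setdefault(host, {"total": 0, "minutes": 0, "peak": (None, 0)})
        s["total"] += n
        s["minutes"] += 1
        if n > s["peak"][1]:
            s["peak"] = (minute, n)
    return summary

if __name__ == "__main__":
    # On a real host, pass open("/var/log/messages") instead of the sample.
    for host, s in summarize(drops_per_minute(SAMPLE.splitlines())).items():
        print(f"{host}: {s['total']} drops over {s['minutes']} minute(s), "
              f"peak {s['peak'][1]} at {s['peak'][0]}")
```

Drops confined to a few minutes suggest bursts that a deeper queue can absorb, while drops in nearly every minute suggest the remote end is not keeping up, which a larger `q_depth` alone will not change.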
