openstack-ansible-security/doc/source/developer-notes/V-38634.rst

Ubuntu's default action for max_log_file_action is to rotate the logs. This meets the STIG requirements and the Ansible task will ensure that the secure default is maintained.

Use caution when changing this option. Certain values, like SUSPEND will cause the audit daemon to lock the machine when the maximum size for a log file is reached. Review the audit documentation carefully before making adjustments.