auditd augenrules lost meaning

Question

[root@rock:/var/log/audit] : service auditd status
Redirecting to /bin/systemctl status auditd.service
  auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-01-11 08:24:35 EST; 51min ago
     Docs: man:auditd(8)
           https://github.com/linux-audit/audit-documentation
  Process: 94529 ExecStartPost=/sbin/augenrules --load (code=exited, status=0/SUCCESS)
  Process: 94513 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
 Main PID: 94515 (auditd)
   CGroup: /system.slice/auditd.service
           +-94515 /sbin/auditd
           +-94517 /sbin/audispd
           +-94519 /usr/sbin/sedispatch

Jan 11 08:24:35 rock augenrules[94529]: lost 4892
Jan 11 08:24:35 rock augenrules[94529]: backlog 0
Jan 11 08:24:35 rock augenrules[94529]: enabled 1
Jan 11 08:24:35 rock augenrules[94529]: failure 1
Jan 11 08:24:35 rock augenrules[94529]: pid 94515
Jan 11 08:24:35 rock augenrules[94529]: rate_limit 0
Jan 11 08:24:35 rock augenrules[94529]: backlog_limit 1048576
Jan 11 08:24:35 rock augenrules[94529]: lost 4892
Jan 11 08:24:35 rock augenrules[94529]: backlog 0
Jan 11 08:24:35 rock systemd[1]: Started Security Auditing Service.

In RHEL 7.9 when using auditd I believe I have everything working well but when I do the above I see lost 4892

what does that lost value mean? Is it bad? Should I want that to be zero?

For reference below is my /etc/audit/auditd.conf

#
# This file controls the configuration of the audit daemon
#
local_events = yes
write_logs = yes
log_file = /var/log/audit/audit.log
log_group = root
log_format = RAW
flush = INCREMENTAL_ASYNC
freq = 100
max log file size in MB, does not matter with KEEP_LOGS
max_log_file = 10000
max_log_file_action = KEEP_LOGS
no log rotation
num_logs = 0
priority_boost = 0
admin_space_left_action = SINGLE
disk_full_action = SINGLE
disk_error_action = SINGLE
disp_qos = LOSSLESS
dispatcher = /sbin/audispd
name_format = HOSTNAME
space_left = 500
admin_space_left = 300
space_left_action = email
verify_email = yes
action_mail_acct = root
use_libwrap = yes
##tcp_listen_port = 60
tcp_listen_queue = 5
tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
enable_krb5 = no
krb5_principal = auditd
##krb5_key_file = /etc/audit/audit.key
distribute_network = no

Answer 1

Newbie here using audit, according to the man page of auditctl when using the -s option:

-s Report the kernel's audit subsystem status. It will tell you the in-kernel values that can be set by -e, -f, -r, and -b options. The pid value is the process number of the audit daemon. Note that a pid of 0 indicates that the audit daemon is not running. The lost entry will tell you how many event records that have been discarded due to the kernel audit queue overflowing. The backlog field tells how many event records are currently queued waiting for auditd to read them. This option can be followed by the -i to get a couple fields interpreted.

The part that talks about lost value is in bold.