The cost of analysis is roughly proportional to the amount of audit data that is collected. The cost of analysis includes the time that is required to merge and review audit records.
For records that are collected by the audit_binfile plugin, cost also includes the time that is required to archive the records and their supporting name service databases, and to keep the records in a safe place. Supporting databases include groups, hosts, and passwd.
The fewer records that you generate, the less time that is required to analyze the audit trail. The sections Cost of Storage of Audit Data and Auditing Efficiently describe ways to audit efficiently. Efficient auditing reduces the amount of audit data while still providing enough coverage to achieve your site's security goals.