I need to audit the following:

1. Audit failed attempts to access files and programs.
2. Audit files and programs deleted by the user.
3. Audit all administrative, privileged, and security actions.
4. Audit login, logout, and session initiation.
5. Audit all discretionary access control permission modifications.

I know I can do all of this in the /etc/audit.rules file but I do not know the syntax. Autoctrl is the program that calls these functions. Can anyone help?