diff -urp audit-2.6.5.orig/src/auditd-config.c audit-2.6.5/src/auditd-config.c
--- audit-2.6.5.orig/src/auditd-config.c 2016-07-14 15:53:39.000000000 +0000
+++ audit-2.6.5/src/auditd-config.c 2017-01-20 15:59:31.719704789 +0000
@@ -841,8 +841,7 @@ static int log_format_parser(struct nv_p
if (config->log_format == LF_NOLOG) {
audit_msg(LOG_WARNING,
"The NOLOG option to log_format is deprecated. Please use the write_logs option.");
- if (config->log_format == LF_NOLOG &&
- config->write_logs != 0)
+ if (config->write_logs != 0)
audit_msg(LOG_WARNING,
"The NOLOG option is overriding the write_logs current setting.");
config->write_logs = 0;
diff -urp audit-2.6.5.orig/src/auditd-event.c audit-2.6.5/src/auditd-event.c
--- audit-2.6.5.orig/src/auditd-event.c 2017-01-20 15:54:57.969419865 +0000
+++ audit-2.6.5/src/auditd-event.c 2017-01-20 16:04:17.562133973 +0000
@@ -48,6 +48,8 @@
extern volatile int stop;
/* Local function prototypes */
+static void send_ack(const struct auditd_event *e, int ack_type,
+ const char *msg);
static void write_to_log(const struct auditd_event *e);
static void check_log_file_size(void);
static void check_space_left(void);
@@ -496,7 +498,7 @@ void handle_event(struct auditd_event *e
if (config->write_logs == 0)
return;
}
- if (!logging_suspended) {
+ if (!logging_suspended && config->write_logs) {
write_to_log(e);
/* See if we need to flush to disk manually */
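Review bot: `config->write_logs == 0` is now tested at two places in handle_event with different outcomes: the early `return` in the context lines at the top of this hunk leaves without any reply, while the new `&& config->write_logs` guard sends the event on to the ack branch added in the next hunk. The condition enclosing that early return lies outside the hunk, so it is not visible whether events from a remote sender can reach it; if they can, they still return unacknowledged. A comment on the early return naming the event types that take it would make this checkable, for instance `/* no remote sender on this path, so nothing to ack */` if that is indeed the case. handle_event starts and ends outside this hunk.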
@@ -537,7 +539,10 @@ void handle_event(struct auditd_event *e
}
}
}
- }
+ } else if (!config->write_logs)
+ send_ack(e, AUDIT_RMW_TYPE_ACK, "");
+ // FIXME: When logging is suspended, what should remote do?
+ // Should probably be new response type
}
static void send_ack(const struct auditd_event *e, int ack_type,
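Review bot: The new `else if (!config->write_logs)` branch sends `AUDIT_RMW_TYPE_ACK` for an event that was never written to the local log, so the sender cannot tell "stored" from "received but not persisted by configuration". In the other case covered by this `else` (`logging_suspended` set while write_logs is enabled) no reply is sent at all, which the FIXME acknowledges but leaves open. For an audit trail I would state the first case in place of the FIXME, e.g. `/* write_logs == 0: the ack means "received", not "persisted" */`, and track the suspended case as a separate issue rather than a trailing comment. The call also runs for every event that reaches this branch; send_ack's body is outside the hunk, so confirm that it returns early when the event has no remote sender.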