On Wed, Mar 22, 2017 at 5:19 PM, warron.french <warron.french@gmail.com> wrote:
So, I needed a feature over 8 months ago; nobody could provide one for the following:
       Rolling log files either when they hit a certain size or the day changed over at midnight.

I know that I could have rolled the files at a specific size, by using the max_log_file attribute as identified in the /etc/audit/auditd.conf, but there was no "builtin" for managing auto rotation at the start of a new day (0000 hrs).

It looks like there is a file called /usr/share/doc/auditd-<version>/auditd.cron.

To me, this file is new, considering I needed it 8 months ago.

Anyway, how is this file implemented? Simply move it to a directory with permissions to execute, ensure it is executable, and then simply set up a cronjob to execute it at whatever time of day that I wish?

Finally, if I have '-e 2' as the last control in the audit.rules file, will the auditd.cron which executes as service auditd rotate still function properly?


Steve covered the important parts, but for more hand-holding:

How to implement audit log rotation with compression based on time instead of size