Determine how many log files 'auditd' should retain when it rotates logs. Edit the file '/etc/audit/auditd.conf'. Add or modify the following line, substituting

[5_log_files/4_log_files/3_log_files]

The total storage for audit log files must be large enough to retain log information over the period required. This is a function of the maximum log file size and the number of logs retained.