Normally, auditd will hold 4 logs of maximum log file size before deleting older log files.
In high security contexts, the benefits of maintaining a long audit history exceed the cost of storing the audit history.
max_log_file_action setting in /etc/audit/auditd.conf is set to at least a certain value