Hi,
I found that when I stop auditd, any existing audit rules still exist, but they are
deleted when I restart using audit-0.6.2. Is this new behavior deliberate and
preferred? Is there a new option to not delete rules on startup? All our tests
are stopping and restarting auditd between assertions and cleaning out the
log file to reduce clutter. We'll need to change the tests if this will no longer
work. If users have a lot of rules created but have to bring down auditd for
some reason, won't this be a problem?
Thanks!
Kris Wilson
Linux Security
(512) 838-0126 T/L:678-0126
krisw(a)us.ibm.com