Does the “–e 2” have to be the last line of the audit.rules file?

Does it have to be listed prior to all of the syscalls and watches configured in the file?

 

 

Thank you in advance,

 

Warron French, MBA, SCSA