labeled ipsec auditing

I am auditing when an ipsec policy is added and removed from the Security Policy Database. Should I also add audit when an SA is added and removed? SAs can quickly fill up log since there can be many of them and they also have a lifetime associated with them that can result in continuous renewal. I looked at how Paul implemented netlabel auditing, but was wondering is there any specific info I should audit for labeled ipsec? Regards, Joy