Way too many logs!

Here are the rules I'm using: -D -b 8096 -a exit,always -S open -F success=0 -k RULE1 -a exit,always -S unlink -S rmdir -k RULE2 -w /etc/auditd.conf -k RULE3 -w /etc/audit.rules -k RULE4 -a exit,always -S acct -S reboot -S swapon -k RULE5 -a exit,always -S settimeofday -S setrlimit -S setdomainname -k RULE6 -a exit,always -S sched_setparam -S sched_setscheduler -k RULE7 -a exit,always -S chmod -S fchmod -S chown -S fchown -k RULE8 -a exit,always -S lchown -k RULE9 Here is the output of aureport: Summary Report ====================== Range of time: 04/25/08 16:37:44.116 - 04/25/08 16:47:29.266 Number of changes in configuration: 22 Number of changes to accounts, groups, or roles: 0 Number of logins: 0 Number of failed logins: 0 Number of users: 2 Number of terminals: 4 Number of host names: 2 Number of executables: 33 Number of files: 693 Number of AVC denials: 0 Number of MAC events: 0 Number of failed syscalls: 4052 Number of anomaly events: 0 Number of responses to anomaly events: 0 Number of crypto events: 0 Number of process IDs: 1428 Number of events: 1444530 This is 475mb in ten minutes! Here is how the rule hits add up: RULE1: 4052 RULE2: 601 RULE3: 9 RULE4: 1 RULE5: 0 RULE6: 40 RULE7: 1438239 RULE8: 1503 RULE9: 0 Here is one of the log entries I have so many of. type=SYSCALL msg=audit(04/25/08 16:37:48.568:194518) : arch=i386 syscall=_newselect per=400000 success=yes exit=0 a0=13 a1=f692e220 a2=0 a3=0 items=0 ppid=1 pid=4012 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) comm=savd exe=/opt/sophos-av/engine/_/savd.0 subj=unconstrained key="RULE7" How can I exclude this so it doesn't get logged? The rules I have above are required by the government. DIACAP STIG Thanks!