I have a new VM running RH 6 server. I put some audit.rules in place, and
now I notice that I am getting 11 MB of audit log entries every half hour.
This server has no users or services running. I am trying to use
audit-viewer to determine which of my rules is creating so much log traffic,
but I don't understand the output enough to be able to tell. The version of
audit is 2.0.4-1 (64 bit).
Is this the correct forum to ask this question?
If so, I can provide the audit rules and some of the logs.
---
Bill Tangren
IAM
U.S. Naval Observatory, Washington