Hi,
Here's my current rule, which is working, but is producing a lot of
extra log that I'd like to suppress:
-a entry,always -S execve -F euid=0
I'm wondering if there's a way to limit this to only audit events that
happen from a real tty, e.g. a human user. I'm getting lots of
extraneous chatter from sshd, automount, and cron, all of which are from
tty=(none), but I'm not sure it's possible to filter on tty...
Thanks
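As an added example (not part of this post, and not an auditctl feature): a small post-processing filter over audit.log lines that keeps only the SYSCALL records with a terminal attached and drops the tty=(none) ones described above. The log lines are constructed samples in auditd's record format, not real output.

```python
import re
from typing import Dict, Iterable, List

# Audit records are "key=value" pairs; values are either double-quoted strings
# (comm="run-parts") or bare tokens such as tty=(none) or auid=4294967295.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_record(line: str) -> Dict[str, str]:
    """Split one audit log line into a dict of its key=value fields."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}

def from_real_tty(fields: Dict[str, str]) -> bool:
    """True when the record carries a terminal (tty=pts0, tty=tty1, ...),
    False for tty=(none), which is what cron, sshd and automount produce."""
    return fields.get("tty", "(none)") != "(none)"

def interactive_execs(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Keep only SYSCALL records that were issued from a terminal."""
    kept = []
    for line in lines:
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL":
            continue          # EXECVE/CWD/PATH records are companions, not the filter key
        if from_real_tty(rec):
            kept.append(rec)
    return kept

# Constructed sample records (illustrative values, not captured from a real host).
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=59 success=yes exit=0 '
    'ppid=1 pid=2001 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 '
    'comm="run-parts" exe="/usr/bin/run-parts" key=(null)',
    'type=SYSCALL msg=audit(1700000001.202:202): arch=c000003e syscall=59 success=yes exit=0 '
    'ppid=1 pid=2002 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 '
    'comm="sshd" exe="/usr/sbin/sshd" key=(null)',
    'type=SYSCALL msg=audit(1700000002.303:203): arch=c000003e syscall=59 success=yes exit=0 '
    'ppid=1500 pid=2003 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 '
    'comm="vim" exe="/usr/bin/vim" key=(null)',
    'type=EXECVE msg=audit(1700000002.303:203): argc=2 a0="vim" a1="/etc/hosts"',
]

if __name__ == "__main__":
    for rec in interactive_execs(SAMPLE_LOG):
        print(rec["tty"], rec["auid"], rec["comm"], rec["exe"])
```

Feed it real lines with `interactive_execs(open("/var/log/audit/audit.log"))` to see which euid=0 execs came from a person at a terminal.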