I have two rules in my audit rules

-a always,exit -F arch=b32 -S execve -k EXEC_LOG
-w /etc/passwd -p wra -k identity

When I enter
cat /etc/passwd on the console

Both rules are matched and there is redundant information in the log. How to make sure there is only one rule matched.

Thanks a lot.