Filtering audit events

I'm trying to figure out a way to filter a large number of events similar to the following: time->Mon Aug 31 08:08:26 2015 type=PATH msg=audit(1441022906.019:52947542): item=1 name=(null) inode=133 dev=fd:06 mode=0100640 ouid=0 ogid=9002 rdev=00:00 obj=system_u:object_r:var_log_t:s0 nametype=NORMAL type=PATH msg=audit(1441022906.019:52947542): item=0 name="/var/log/simpana/Log_Files/locks/" inode=92 dev=fd:06 mode=040775 ouid=0 ogid=9002 rdev=00:00 obj=system_u:object_r:var_log_t:s0 nametype=PARENT type=CWD msg=audit(1441022906.019:52947542): cwd="/opt/simpana" type=SYSCALL msg=audit(1441022906.019:52947542): arch=c000003e syscall=2 success=no exit=-13 a0=996d68 a1=42 a2=1b6 a3=0 items=2 ppid=11855 pid=15755 auid=7538 uid=0 gid=9002 euid=4990 suid=4990 fsuid=4990 egid=9002 sgid=9002 fsgid=9002 tty=(none) ses=125779 comm="clBackup" exe="/opt/simpana/iDataAgent/clBackup" subj=system_u:system_r:initrc_t:s0 key="access" The STIG-compliant audit ruleset we're using seems to generate a lot of these, and I'm concerned that may be affecting the performance of the app in question (also, I consider it log spam). I tried the following rule (plus a few variations like ogid), but it doesn't seem to be working: -a exit,never -F gid=9002 -k exclude What would be the best way to approach this? I have a few other apps with similar issues. Thanks, --Ray