  • Auditd with the stig.rules: how to NOT see daemon activity when the services are restarted by a human after the boot of the server

    Hello,

    I am trying to put in place auditing with the RHEL6 stig.rules (/usr/share/doc/audit-2.2/stig.rules), and my audit log becomes huge when I have to restart a service.

    Example:

    If I have to stop/start my cfengine service after a reboot, all the cfengine daemons have my uid in the AUID field,
    and since my auid is >= 500 this creates a lot of audit log (principally key=perm_mod and key=delete from the stig rules).

    I am logging in to the server with my username by ssh, and after that I do sudo su - to be able to become root and restart the services.

    Here is an example of the raw auditd log:

    type=SYSCALL msg=audit(1353444110.407:105444): arch=c000003e syscall=90 success=yes exit=0 a0=7fff6407e140 a1=41ed a2=7fff6407f1d0 a3=7fff6407aec0 items=1 ppid=23962 pid=23963 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1265 comm="cf-agent" exe="/var/cfengine/bin/cf-agent" subj=unconfined_u:system_r:initrc_t:s0 key="perm_mod"

    Does someone know if there is a way to restart admin services without having your uid in the auid field?
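The record quoted above illustrates the behaviour behind the question: the audit login uid (auid) is set once at login and inherited by every descendant process, across sudo and su, so a daemon restarted from an admin's shell carries that admin's auid (500 here) even though its uid is 0, while a daemon started by init at boot carries the "unset" auid (4294967295 on RHEL 6). Before changing any rules it helps to measure where the volume actually comes from. The following Python script is an added example, not code from the thread or from the audit package: it parses raw audit.log SYSCALL lines like the one in the post, counts records per (auid, comm, key), and lists records from the service SELinux domain (initrc_t) that are attributed to a real login uid, which is exactly the noise described. The sample lines are constructed for this example; only the first is the line from the post.

```python
"""Triage auditd SYSCALL records by login identity (auid) versus effective uid.

Added example for the thread above; it is not part of the audit package.
The 'unset' auid value assumed here is 4294967295 (RHEL 6 era); newer
tools may print it as -1 or "unset", so all three are accepted.
"""
import re
from collections import Counter

# Constructed sample records. The first is the line quoted in the post;
# the others were made up for this example and follow the same layout.
SAMPLE_LINES = [
    'type=SYSCALL msg=audit(1353444110.407:105444): arch=c000003e syscall=90 success=yes exit=0 a0=7fff6407e140 a1=41ed a2=7fff6407f1d0 a3=7fff6407aec0 items=1 ppid=23962 pid=23963 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1265 comm="cf-agent" exe="/var/cfengine/bin/cf-agent" subj=unconfined_u:system_r:initrc_t:s0 key="perm_mod"',
    # constructed: same daemon, another chmod (syscall 90) a few seconds later
    'type=SYSCALL msg=audit(1353444114.101:105450): arch=c000003e syscall=90 success=yes exit=0 a0=7fff6407e140 a1=41ed a2=0 a3=0 items=1 ppid=23962 pid=23963 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1265 comm="cf-agent" exe="/var/cfengine/bin/cf-agent" subj=unconfined_u:system_r:initrc_t:s0 key="perm_mod"',
    # constructed: same daemon removing a temp file (unlink, syscall 87)
    'type=SYSCALL msg=audit(1353444114.230:105451): arch=c000003e syscall=87 success=yes exit=0 a0=7fff6407e200 a1=0 a2=0 a3=0 items=2 ppid=23962 pid=23963 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1265 comm="cf-agent" exe="/var/cfengine/bin/cf-agent" subj=unconfined_u:system_r:initrc_t:s0 key="delete"',
    # constructed: a daemon started by init at boot, auid is unset
    'type=SYSCALL msg=audit(1353440000.500:100012): arch=c000003e syscall=90 success=yes exit=0 a0=7fff12345678 a1=41ed a2=0 a3=0 items=1 ppid=1 pid=1402 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cf-execd" exe="/var/cfengine/bin/cf-execd" subj=system_u:system_r:initrc_t:s0 key="perm_mod"',
    # constructed: the admin running chmod in their own shell, unprivileged
    'type=SYSCALL msg=audit(1353444200.001:105900): arch=c000003e syscall=90 success=yes exit=0 a0=7fff0000aaaa a1=1a4 a2=0 a3=0 items=1 ppid=24001 pid=24010 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts0 ses=1265 comm="chmod" exe="/bin/chmod" subj=unconfined_u:unconfined_r:unconfined_t:s0 key="perm_mod"',
]

UNSET_AUID = {"4294967295", "-1", "unset"}
# key=value pairs; a value is either "quoted", (parenthesised) or a bare token
KV_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')
MSG_RE = re.compile(r'audit\((\d+)\.(\d+):(\d+)\)')


def parse_audit_record(line):
    """Split one raw audit record into a dict; quoted values lose their quotes."""
    rec = {key: value.strip('"') for key, value in KV_RE.findall(line)}
    m = MSG_RE.search(rec.get("msg", ""))
    if m:  # epoch seconds and the per-event serial number
        rec["time"] = int(m.group(1))
        rec["serial"] = int(m.group(3))
    return rec


def is_boot_started(rec):
    """True when the process has no login session behind it (started by init)."""
    return rec.get("auid") in UNSET_AUID


def count_by_origin(lines):
    """Count SYSCALL records per (auid, comm, key) to see what drives the volume."""
    counts = Counter()
    for line in lines:
        rec = parse_audit_record(line)
        if rec.get("type") != "SYSCALL":
            continue
        counts[(rec.get("auid"), rec.get("comm"), rec.get("key"))] += 1
    return counts


def daemon_events_attributed_to_login(lines, daemon_type="initrc_t"):
    """Records from the service SELinux domain whose auid is a real login uid.

    These are daemons that inherited a human's auid because that human
    (re)started them from an interactive session instead of init at boot.
    """
    out = []
    for line in lines:
        rec = parse_audit_record(line)
        if rec.get("type") != "SYSCALL" or is_boot_started(rec):
            continue
        if f":{daemon_type}:" in rec.get("subj", ""):
            out.append(rec)
    return out


if __name__ == "__main__":
    for (auid, comm, key), n in count_by_origin(SAMPLE_LINES).most_common():
        print(f"auid={auid:<11} comm={comm:<10} key={key:<9} events={n}")
    for rec in daemon_events_attributed_to_login(SAMPLE_LINES):
        print(f"daemon pid={rec['pid']} {rec['comm']} runs under login auid={rec['auid']} "
              f"(uid={rec['uid']}, ses={rec['ses']})")
```

Run against a real /var/log/audit/audit.log the per-origin counts show whether the growth really comes from daemons carrying an admin's auid, and the ses field groups those events back to the interactive session that restarted them, which is the audit trail the STIG rules are meant to preserve.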
