We use a third-party tool that uploads L3 rules via API every 5 minutes. These uploads are clogging up the changelogs. Out of the 5000 that are retained, this is taking up about 4500-4900 at any given time. The log comment notes the service that it comes from (first blurred field).
We are unable to reduce the rate at which these rules are uploaded. Rather than omit ANY logs from the API, is it possible to omit (or otherwise store elsewhere for auditing) the logs from this specific service via CLI/API? Or, just as there is the "syslogEnabled=false" tag in the PUT request to keep them out of syslog, is there another tag the service can append to omit these rules from the changelogs?
Desirable solutions:
1. Omit logs from this service completely
2. Omit logs from changes made by a designated user (specific to this service)
3. Divert logs from this service to another location
4. Increase changelog retention parameters