Look into auditd for logging execve() syscall instead. OSSEC can (directly) report or act on any thing reported through logs.
Look into auditd for logging execve() syscall instead. OSSEC can (directly) report or act on any thing reported through logs.