Is LAuS active?
The Linux Auditing Subsystem, or LAuS, provides a central security event monitoring technology. It logs security-relevant kernel subroutine calls, or syscalls, including the parameters the syscalls are called with and the success or failure-related return code. The relevant system daemon is auditd.