Can some body help me here to find a rule/ solution to audit only commands are its arguments executed by users and  root . I dont need any more other events audited  since that can fill my free space .

Please help me here
--
Thanks & Regards,
Praveen M S