Auditbeat rules

Hi!
I have Auditbeat installed on a Linux machine and I want to receive logs for commands like systemctl stop / start syslog but it receives only for status. So, not all commands can be inspected in Kibana. Any idea what should I change?
Thank you!