Willy,
Good afternoon. Yes, the PAM SC agent you have installed has a service called kblaudit, which is a keylogger for sessions. If you review the seos.ini, you'll find the various tokens, including the one to enable the service within the KBLAudit section. To review what was logged, you will still use seaudit, utilizing the -kbl switch. Additional details on the switches for that can be found in Seaudit command.