How do I configure auditd to print the ppid name, not just the ppid?

1 vote
1 answer
574 views
OS is Debian. I have set up auditd to try and determine what is rebooting a system. I have the following rule:

-a exit,always -F arch=b64 -S execve -F path=/bin/systemctl -k debug_test

Creating a rule for /usr/sbin/reboot doesn't work, since it's a symlink to /bin/systemctl, but this rule works perfectly; it captures every time a reboot command is executed. I can then search for these reboots with the command:

ausearch -k debug_test | grep reboot

(Note the rule key doesn't contain the string "reboot", since that is what I need to grep for.) However, this just prints the ppid of the process responsible; I am looking for the process name of the ppid. Is it possible to configure auditd to log this? Or would I have to write some kind of daemon that logs all pids + process names every 15 seconds or so?
Asked by cat pants (167 rep)
Jan 12, 2024, 10:05 PM
Last activity: Jan 22, 2024, 09:46 PM
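As an added example (not part of the question or of any answer on this page), a small Python parser for the raw records produced by the rule above: it joins the SYSCALL and EXECVE records by audit serial, keeps only executions whose argv contains "reboot", and resolves the ppid to a name by reading /proc/<ppid>/comm, which is an assumption about approach and only works while the parent is still alive (None otherwise). The two sample records and the pids in them are constructed.

```python
import re
import sys
from pathlib import Path

# Raw auditd records in the shape printed by `ausearch --raw`; the two lines
# below are constructed for this example, not captured from a real host.
SAMPLE_LINES = [
    'type=SYSCALL msg=audit(1705096000.123:4567): arch=c000003e syscall=59 '
    'success=yes exit=0 a0=55d0 a1=55d1 a2=55d2 a3=0 items=2 ppid=4242 pid=4300 '
    'auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 '
    'ses=3 comm="systemctl" exe="/bin/systemctl" key="debug_test"',
    'type=EXECVE msg=audit(1705096000.123:4567): argc=2 a0="systemctl" a1="reboot"',
]

SYSCALL_RE = re.compile(r'type=SYSCALL msg=audit\([\d.]+:(?P<serial>\d+)\):.*?'
                        r'\bppid=(?P<ppid>\d+) pid=(?P<pid>\d+).*?'
                        r'\bcomm="(?P<comm>[^"]*)"(?:.*?\bkey="(?P<key>[^"]*)")?')
EXECVE_RE = re.compile(r'type=EXECVE msg=audit\([\d.]+:(?P<serial>\d+)\): argc=\d+(?P<args>.*)')
ARG_RE = re.compile(r' a\d+="([^"]*)"')

def proc_comm(ppid, proc_root="/proc"):
    """Name of the parent from /proc/<ppid>/comm, or None if it already exited."""
    try:
        return Path(proc_root, str(ppid), "comm").read_text().strip()
    except OSError:
        return None

def parse_events(lines, lookup=proc_comm):
    """Join SYSCALL and EXECVE records by audit serial and add the parent's name."""
    events = {}
    for line in lines:
        m = SYSCALL_RE.search(line)
        if m:
            ev = events.setdefault(m["serial"], {"argv": []})
            ev.update(ppid=int(m["ppid"]), pid=int(m["pid"]), comm=m["comm"], key=m["key"])
            ev["parent_comm"] = lookup(ev["ppid"])  # hypothetical lookup hook; /proc by default
            continue
        m = EXECVE_RE.search(line)
        if m:
            events.setdefault(m["serial"], {"argv": []})["argv"] = ARG_RE.findall(m["args"])
    return events

def reboot_events(lines, lookup=proc_comm):
    """Executions whose argv contains 'reboot' (systemctl reboot or the reboot symlink)."""
    return [ev for ev in parse_events(lines, lookup).values() if "reboot" in ev["argv"]]

if __name__ == "__main__":
    # Pipe `ausearch -k debug_test --raw` into this script on the live host.
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    for ev in reboot_events(src):
        print(f"pid={ev['pid']} argv={ev['argv']} ppid={ev['ppid']} parent={ev['parent_comm']}")
```

Because the parent may have exited before ausearch is run after the fact, the /proc lookup is only reliable when the records are processed promptly (for example by a script fed the events as they arrive).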