Keystrokes sounds like overkill. It also records passwords in plaintext. No good.

Queries to sensitive DB endpoints are what you want to keep an eye on.