Is there nice way to get more logging for all su – logins? pam?
My suggestion would be logwatch. If you do not need a real time solution. You can have the server email you a nightly report that will include the day before su access.
What exactly do you want to be logged?
I get entries in /var/log/secure
Aug 28 00:38:51 xxx su: pam_unix(su-l:session): session opened for user root … Aug 28 00:39:23 xxx su: pam_unix(su-l:session): session closed for user root
I also get entries in /var/log/audit/audit.log, these are probably more trustworthy.