Patrick Keisler shows how to create a SQL Server audit file for xp_cmdshell usage:
This article assumes you already have a basic understanding of SQL Server Audit, but if not, use this link to catch up on all the details.
Are you required to have xp_cmdshell enabled on one of your servers? If so, then setup a SQL Audit now to track its use. Never mind the implications of enabling xp_cmdshell, as a DBA you are responsible for what happens on your servers and tracking the use of xp_cmdshell should be a priority.
Some smart people will tell you to disable xp_cmdshell altogether, but I don’t like that advice at all. Auditing usage can give you more peace of mind while not limiting your ability to use a valuable tool.