
Rommon without a log message

paul-bergeron
Level 1

I would like to be notified through a log message if the router is rebooted (deliberately or otherwise) and either drops into rommon mode or is forced into rommon mode with a ctrl+break sequence. When I manually create this scenario I don't get any syslog message. Syslog is configured and working properly in that I can generate and receive messages for all severities 0-7. When in rommon I know it doesn't load the IOS or the startup config which contains the logging parameters but surely there has to be some form of logging messages generated if the router falls into this mode.

4 Replies

Leo Laohoo
Hall of Fame

I would like to be notified through a log message if the router is rebooted (deliberately or otherwise) and either drops into rommon mode or is forced into rommon mode with a ctrl+break sequence.

How do you expect that to happen when the device doesn't have a config???

I understand that.  I should have clarified more.  Is there any way of altering the firmware code for rommon to provide some kind of notification? SDK? Thanks. 

My post wasn't meant to offend.

The appliance won't be able to tell you that it's gone to ROMmon because it doesn't have the vital information:  local address and remote address.

However, the machine will tell you if someone's invoked the reload command.

No offence taken. Yeah I can log that but what I'm ultimately trying to alert on is if someone unauthorized gets physical access to the router and performs a password recovery. The commands (configreg and reset) entered while in rommon do not get logged and as you know the result after the reboot is privilege exec mode to the router, providing access to the startup config and essentially a fully compromised router should an unauthorized individual choose to leverage it. I can have a log message generated for the cold restarts but that in and of itself is not enough in my mind to indicate that a possible compromise has occurred. The cold restart log message coupled with a configreg log message would be a pretty good indication of something suspicious. A copy start run (which can also generate a log message) would just further solidify my resolve of something suspicious occurring. The key though in my mind is somehow alerting on the rommon commands invoked. Oh well, if you think of something else, I'm all ears. Thanks for your replies though.
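The correlation discussed in this thread can be run on the syslog server using only the events the posts say are loggable: a reload request, a restart, and a startup-config load. The code below is an added example, not part of the thread and not Cisco code; the message mnemonics, the "timestamp host message" line layout and the time windows are assumptions to adjust to what your IOS release emits, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed message patterns: confirm against the output of your own devices.
PATTERNS = {
    "reload_request": re.compile(r"%SYS-5-RELOAD"),
    "restart": re.compile(r"%SYS-5-RESTART|%SNMP-5-COLDSTART"),
    "config_from_memory": re.compile(r"%SYS-5-CONFIG_I: Configured from memory"),
}
LINE = re.compile(r"^(\S+) (\S+) (.*)$")  # assumed layout: "<ISO time> <host> <message>"

def parse(lines):
    """Yield (time, host, kind) for every line matching one of PATTERNS."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        for kind, rx in PATTERNS.items():
            if rx.search(m.group(3)):
                yield datetime.fromisoformat(m.group(1)), m.group(2), kind
                break

def correlate(lines, before=timedelta(minutes=5), after=timedelta(minutes=30)):
    """Flag restarts that no reload request explains; escalate to "high" when
    a startup-config load follows on the same host within `after`."""
    events = sorted(parse(lines))
    findings = []
    for t, host, kind in events:
        if kind != "restart":
            continue
        same = [(et, ek) for et, eh, ek in events if eh == host]
        if any(ek == "reload_request" and t - before <= et <= t for et, ek in same):
            continue  # an operator asked for this reboot
        loaded = any(ek == "config_from_memory" and t < et <= t + after
                     for et, ek in same)
        findings.append((host, t.isoformat(), "high" if loaded else "medium"))
    return findings

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "2024-05-01T02:00:00 rtr-a %SYS-5-RELOAD: Reload requested by admin on vty0.",
    "2024-05-01T02:03:10 rtr-a %SYS-5-RESTART: System restarted --",
    "2024-05-01T03:15:00 rtr-b %SYS-5-RESTART: System restarted --",
    "2024-05-01T03:21:40 rtr-b %SYS-5-CONFIG_I: Configured from memory by console",
    "2024-05-01T04:00:00 rtr-c %SYS-5-RESTART: System restarted --",
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Commands typed in rommon never reach the syslog server, so this only narrows down which restarts deserve a closer look.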