Linux – shell / ssh / tty session logger

audit linux logging ssh unix

Good day to you.

I know there are some variations of my question here, but they are a bit different, I assure you.

We use terminal servers that our admins connect to and then establish ssh connections to other servers. We needed to audit their actions, which is why I used a modified ssh daemon that logs sessions into script-format files. I've been using this patch: http://www.kdvelectronics.eu/ssh-logging/ssh-logging.html. It has some drawbacks, though. First, that patch hasn't been updated for some time; I've managed to modify it to work for ssh-4.7, but openssh changed seriously in the 5th version. Second, almost everybody uses GNU Screen, and its control characters make session logs somewhat difficult to understand.

Then I tried ttyrpld, but it needs a kernel module, and after some time it just stopped logging.

After that, I tried pam_tty_audit; although it's easy to install and use, that project doesn't really solve my problem.

What I really need is something that logs only user input, can't be overridden, and doesn't require rocket-science knowledge to install and support.

Best Answer

I'm sure you've seen it, but this question has a lot of suggestions for session logging - screen logging being possibly the best suggestion for your case. It may be necessary to slightly alter business practices to meet logging requirements, as no terminal logging software seems to exactly match (often diverse) demands.
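
The question notes that terminal control characters make script-format session logs hard to read. As an added example (not part of the original question or answer), this Python function strips escape sequences from such a log and replays backspace, carriage return and erase-to-end-of-line so that edited command lines come out as they appeared on screen. The sample bytes, including the `admin@ts1` prompt, are constructed for illustration.

```python
import re

# One token per match: an escape sequence, or a single character.
TOKEN = re.compile(
    r"\x1b\[(?P<params>[0-?]*)[ -/]*(?P<final>[@-~])"  # CSI (colours, cursor, erase)
    r"|\x1b[P\]X^_k][^\x07\x1b]*(?:\x07|\x1b\\)"       # OSC/DCS/SOS/PM/APC strings, screen's ESC k title
    r"|\x1b[ -/]*[0-~]"                                 # any other escape sequence
    r"|(?P<ch>.)",                                      # any single character
    re.DOTALL,
)

def clean_typescript(data: bytes) -> str:
    """Return the readable text of a script-format session log."""
    lines, line, col = [], [], 0
    for m in TOKEN.finditer(data.decode("utf-8", errors="replace")):
        ch = m.group("ch")
        if ch is None:
            # Of all escape sequences, only "erase to end of line" (CSI K / CSI 0K) is replayed.
            if m.group("final") == "K" and m.group("params") in ("", "0"):
                del line[col:]
        elif ch == "\n":
            lines.append("".join(line))
            line, col = [], 0
        elif ch == "\r":
            col = 0                      # later text overwrites from the start of the line
        elif ch == "\b":
            col = max(col - 1, 0)        # cursor left; the character is overwritten or erased later
        elif ch == "\t" or (ch >= " " and ch != "\x7f"):
            line[col:col + 1] = [ch]     # overwrite at the cursor, or append at end of line
            col += 1
    if line:
        lines.append("".join(line))
    return "\n".join(lines)

# Constructed sample: xterm title, coloured prompt, a corrected typo, a screen window title.
SAMPLE = (b"\x1b]0;admin@ts1:~\x07\x1b[01;32madmin@ts1\x1b[00m:~$ "
          b"ls -la\b\b\x1b[Kl /etc\r\n\x1bkbash\x1b\\total 0\r\n")

if __name__ == "__main__":
    print(clean_typescript(SAMPLE))
```

Full-screen programs that position the cursor (editors, screen's own redraws) cannot be reconstructed this way, and the result is still terminal output rather than an input-only record.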