iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP, and ICMP traffic. iplog is able to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap will function.
oidentd is an RFC 1413 compliant ident daemon which runs on Linux, FreeBSD, NetBSD, Darwin, OpenBSD, and Solaris. It can handle IP masqueraded/NAT connections on Linux, FreeBSD, NetBSD, and OpenBSD, and it has a flexible mechanism for specifying ident responses. Users can be granted permission to specify their own ident responses. Responses can be specified according to host and port pairs.
pork is an ncurses-based AOL Instant Messenger client. It uses the OSCAR protocol (the one the Windows client uses) to access AIM. Pork features Perl scripting, an online help system, the ability to configure nearly all aspects of the program's look and feel, an alias system, and a powerful, fully configurable key binding system. It supports being logged in with more than one screen name at the same time. The default look and feel of the client is modeled after the ircII IRC client. Anyone comfortable using ircII (or any clients derived from it, e.g. epic, BitchX, etc.) will feel comfortable using pork.
A user can get around the logging by creating a shared library that wraps the calls to syslog() and openlog() to do something useless, then preload that library and spawn a new shell.
Wouldn't BSD process accounting be more suitable to do this sort of logging?