Keystroke/Shell logging

Provide method to log (nearly) all keystrokes in a shell session.

Logging all keystrokes would capture passwords (as I have seen to my cost).

The ability to log every line entered in an interactive shell would be highly valuable from a security audit perspective.  Logged via a secure method of course to prevent tampering.  Via syslog if possible so that I can push it straight to a remote logging server.

Something like this - built straight into the OS - with good security, would be a real boost.  Everything I've tried thus far has had multiple drawbacks (such as capturing passwords in keystroke logging.