Honeypots mailing list archives

snooping ssh sessions


From: pao <pao () linux netline it>
Date: Mon, 14 Apr 2003 11:47:13 +0200

Hi all!
        I've got a specific problem: I'd like to log, in a centralized
and efficient way, all the activity performed by a set of users on a
set of boxes.

The basic idea was to set up a bridge box and to limit the access to the other
hosts to that specific "bridge" host. The access to the box is via ssh only.

I was considering using FreeBSD and "watch" or "termlog" to log all sessions.
That has the great advantage of logging what happens even if the user sshes or
telnets out of the "bridge" box.

But it has a major drawback: it doesn't log input, only input echo.

Try this to understand what I mean:

#! /bin/sh
stty -echo
read test
eval $test

The question is: is there any clever way to set up a snooping "bridge" host?
Is there a way to log both raw input and output data streams?
Is there any tool to "replay" the logs?

        Thanks
        Pao

P.S. Please cc the answer to me as well since I've not joined the list
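
The gap described in the message above, reproduced as an added example that is not part of the original post: a recorder on the pty master keeps the keystroke stream and the terminal output stream as separate logs and runs the poster's script with echo on and with echo off. It assumes a Linux host with /bin/sh and stty; the "ready> " prompt, the function names and the sample command are constructed for illustration.

```python
import os, pty, select

# The post's test script, plus a constructed "ready> " prompt so the recorder
# knows `stty` has already run before it sends any keystrokes.
SCRIPT = "stty {mode}; printf 'ready> '; read test; eval $test"

def _read(fd, timeout=5.0):
    """Return the next chunk from the pty master, or b'' on EOF/timeout."""
    ready, _, _ = select.select([fd], [], [], timeout)
    if not ready:
        return b""
    try:
        return os.read(fd, 4096)
    except OSError:          # Linux reports EIO once the child side is closed
        return b""

def record_session(typed, echo):
    """Run SCRIPT on a pty; return (input_log, output_log) as bytes."""
    script = SCRIPT.format(mode="echo" if echo else "-echo")
    pid, master = pty.fork()
    if pid == 0:                               # child: plays the user's shell
        os.execv("/bin/sh", ["sh", "-c", script])
    input_log, output_log = b"", b""
    while b"ready> " not in output_log:        # wait until stty has taken effect
        chunk = _read(master)
        if not chunk:
            break
        output_log += chunk
    os.write(master, typed)                    # keystrokes travel master -> slave
    input_log += typed                         # raw input stream, logged separately
    while True:                                # everything the terminal displays
        chunk = _read(master)
        if not chunk:
            break
        output_log += chunk
    os.close(master)
    os.waitpid(pid, 0)
    return input_log, output_log

if __name__ == "__main__":
    typed = b"echo result-$((6*7))\n"          # constructed sample command
    for echo in (True, False):
        keys, screen = record_session(typed, echo)
        print("echo", "on " if echo else "off", "| input:", keys, "| output:", screen)
```

With echo off, the output log holds only the command's result, while the input log still holds the command that produced it.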

