As you might have guessed, logging is not without problems. Especially the usage and appliance of this software might be limited by local law. (The software itself is, of course, not affected.)

1. Local law might not allow monitoring users at all.
2. Local law might allow monitoring, to some kind of degree
3. If monitoring is allowed, you may need to notice your users about this
4. Different kinds of environments have different monitoring restrictions, e.g. home, within companies, educational and/or governmental institutions, a company's shell services
5. Monitoring is usually limited (maybe not by law, but through contracts) if the users are allowed to do private things
6. Monitoring even private data might be granted (not necessarily!) if you (as sysadmin) can guarantee that any data captured whatsoever is only ever used in cases of abuse or suspected abuse.

Please consult a lawyer if you are uncertain about your status.

Despite all this limiting, there are reasons to actively use it in a production system.

• Intruders. There have been several recent comprimises, e.g. at FSF (November 02 2003), Debian (November 19 2003) and Gentoo (December 08 2003, http://www.gentoo.org/news/en/gwn/20031208-newsletter.xml)
• Limited usage. ISPs could use this as a usage tracker for e.g. a paid shell service. In this case, no data is captured, but only bytes counted.
• Cooperative usage. Multiple administrators are working on the system and either do not notify the others of their changes, or make decisions that are later regarded as wrong by the group and they try to reverse it.
• Post-job tracking. I have seen a lot of places where users had to hand over [superuser or normal] permissions to a friend or even stranger on the internet just because of the complexity of a certain task, or because of certain data not available to do it yourself. By doing so, you give away some responsibility and as such, are able to hold others resposible for making errors. ttyrpld gives you the proof for lawsuits.