Hi Mohammed,
sorry for not responding to you.
(I haven't marked the email notification field)
I see you already did as Andrew adviced you by configuring your syslogd.
It is indeed advisable to separate output of your daemons from the global syslog.log especially when you run them in the very verbose DEBUG level (but don't forget any applications that linger logging in debug mode, they'll pretty soon fill up your filesystems)
The sshd falls under the log facility daemon.
But as you noticed, it seems that the various SSH loglevels only care for the connection, authentification, and authorization phases (which is natural since this usually causes users and admins the most headache, if any)
If you really want to monitor what your users are doing, once they are logged in, I'd stick with T.G.'s suggestion and look for some auditing software plugin.
I'm afraid that I cannot help you with that because on our servers we don't really have the need for that (lucky us).
We don't have to host for real Unix users since all of the application users are database users that are managed by the DB engines, and don't require to have a Unix home and shell.
Madness, thy name is system administration
