Well, a google search with the words "keystroke log mac" turned up a dozen or so. You should try that Google thing sometimes, it's really cool.
TypeRecorder seems to be the most popular, it works in OSX and earlier OS's.
One thing you must do is evaluate the SW in a quiet matter; nobody will like it if they think you're spying on them. This means you MUST pay the license fee or else the registration reminders that are going to pop up from time to time will clue them in.
A competing program, Monitorer, can be set to take periodic screenshots as well. I would be sure to use this very sparingly, because users might notice the CPU activity while it processes the graphic file.
You MUST lock down the Mac (ie enforce user passwords; place the application and the logs in an invisible folder (OSX) or make the application & log itself invisible (OS9 and earlier) and I would strongly suggest you encrypt the logs daily; perhaps an AppleScript would do it) because keyloggers are dangerous; users passwords, credit card information, etc will all be recorded.
If the Mac is used by the public, then the public can find the log file and read it if they look hard enough, and now you've compromised all the users.
Depending on the situation, you could also consider programs like Timbuktu or Apple Remote Desktop, which would allow you to monitor the screen remotely without creating such a potentially insecure file on the drive for the curious to hunt down.
Actually. Credit card or other such info is not the problem here. The age of user ranges from 14 to 21. All users require a login name. The problem is that someone or a group of someones is or are accessing unsuitable sites and passing various forms of graphic material around in the public forlders. No one seems to know quite how or who got it there or at least admit to why it is in thier public folder. They have the usual I gave Johnny my password because he forgot his. I guess I can understand why some parents might feel this in not appropriate computer use. I have since added a log book to record the users name, date and time of use. My plan is to match the user name and time with the inappropriately used password and gotchya. I appreciate all the legal advice, but I believe if I need a lawyer, google is a good place to start.
Mantat is correct in his statement that it is illegal to apply such monitoring software without notifying users prior to the use of your electronic network(s).
Monitoring keystrokes without notice could leave you open to legal liabilities that would be more uncomfortable than having porn in people's public folders.
I strongly urge you to consult legal advice and the privacy laws in your province before implementing such a monitoring initiative. The fact that you will primarily be monitoring minors may prove particularly problematic.
When they log on or something, you could pop up a dialog box, that lists the rules of the computer and somewhere in the middle of this long dialog box, you stick in the sentence, each computer is being monitored or something similar. I know my high school had that, and all but about 5 students didn't know there was a key stroke logger on the computers. The vast amount of information collected was never used, but was there in case proof of a crime or something similar was committed. Either that or have it on a piece of paper beside the computers, detailing the rules, no one reads EULA, but its in there they basically sign their life away as to the company not being liable for anything that happens in conjuction with the computer.
Assuming the legal objection brough up is valid (it may well be; as far as I know Canada's privacy laws don't affect most organisations & businesses until this January 2004, but there could easily be other statutes which cover keylogging on publicly accessed computers):
There are many ways to achieve your objective without resorting to keyloggers. (You asked, so I answered).
Certainly a warning screen is quite effective, even if it's not backed up by any means of enforcement.
Apple's Remote Desktop and Timbuktu will allow you to monitor the public screen at any time. from a remote computer.
NetBarrier is still around.
HenWen (OSX only) can prevent users from acessing questionable sites and p2p file sharing, and provides a complete log; it's also a first class defense against remote hackers. Free (Open Source UNIX application).
Also, I used to use WebWasher under OS9, it also can prevent access to questionable sites and p2p networks.
Keep in mind that there will be a creation date/time & modification date/time associated with every file (highlight and Command-I, also list views in the public folder) which should make it fairly easy to track down the logged in user.
I'm sure there are a number of solutions out there that others may be familiar with. If you have any old hardware laying around (and I mean OLD; we're talking 386/68030 or newer) you can set up a UNIX/Linux based firewall and very effectively control acess without affecting the speed of the protected computer. (The Internet, for all it's popularity, is child's play for even old processors to keep up with, provided you don't bog it down with Win3.1).
The firewall has the advantage that, since it's not running on the public computer itself, you don't have to deal with configuration issues with a bunch of login accounts, although initial steup will be a "learning experience".
I have some experience with multiple kid's logins in both WindowsXP and OSX; as administrator I never found it difficult to get a handle on who was doing what by a brief perusal of the user's directories and a quick glance at the cookie file (a real treasure trove of information).
When I did find some questionable behaviour, I just wrote a brief, non-threatening but firm note with the text editor and left it on the user's desktop.It would be sitting there the next time they logged in, and, as if by magic, those nasty files would be gone the next time I checked.
Getting the user to delete the files themselves is a genuine learning experience for them; it's a lot better than yelling or freaking out about it, but the behavior stops and they police themselves.
If you have a chronic problem with one or two users, perhaps a little meeting of all the users (say, you have to attend to keep your account) about it some evening or Saturday would work wonders. After the little presentation about the rules, etc., have a friendly police officer pop in the door and mention that they've been "alerted" by an "investigation" that this computer is the source of some bad stuff. No pointing fingers; nice and friendly-like. That will kill it (especially the loggin in under other user's accounts).