diff -urN openssh-2.3.0p1-orig/Makefile.in openssh-2.3.0p1/Makefile.in
--- openssh-2.3.0p1-orig/Makefile.in Sun Nov 5 21:13:45 2000
+++ openssh-2.3.0p1/Makefile.in Sat Feb 17 14:01:37 2001
@@ -39,9 +39,9 @@
 LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
-SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
+SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o account.o
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-skey.o auth2-skey.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o dh.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o
+SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-skey.o auth2-skey.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o dh.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o account.o
 TROFFMAN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8 sftp-server.8
 CATMAN = scp.0 ssh-add.0 ssh-agent.0 ssh-keygen.0 ssh.0 sshd.0 sftp-server.0
diff -urN openssh-2.3.0p1-orig/account.c openssh-2.3.0p1/account.c
--- openssh-2.3.0p1-orig/account.c Thu Jan 1 00:00:00 1970
+++ openssh-2.3.0p1/account.c Sat Feb 17 20:11:08 2001
@@ -0,0 +1,33 @@
+/*
+ * account.c:
+ * Accounting for sshd.
+ *
+ * Copyright (c) 2001 Chris Lightfoot. All rights reserved.
+ *
+ */
+
+static const char rcsid[] = "$Id: openssh-2.3.0p1-accounting.patch,v 1.1.1.1 2001/03/23 14:33:06 chris Exp $";
+
+#include
+#include
+
+#include "ssh.h"
+
+size_t total_read, total_written;
+char *acct_user;
+
+void acct_reset() {
+ total_read = total_written = 0;
+}
+
+void acct_add(size_t r, size_t w) {
+ total_read += r;
+ total_written += w;
+}
+
+void acct_report() {
+ if (acct_user) {
+ if (total_read || total_written) log("account: user:%s wrote:%lu read:%lu", acct_user, total_written, total_read);
+ total_read = total_written = 0;
+ }
+}
diff -urN openssh-2.3.0p1-orig/auth2.c openssh-2.3.0p1/auth2.c
--- openssh-2.3.0p1-orig/auth2.c Sat Oct 28 10:05:57 2000
+++ openssh-2.3.0p1/auth2.c Sat Feb 17 20:10:24 2001
@@ -300,6 +300,9 @@
 get_remote_port());
 }
+/* chris-- accounting. */
+extern char *acct_user;
+
 void
 userauth_reply(Authctxt *authctxt, int authenticated)
 {
@@ -318,6 +321,10 @@
 packet_write_wait();
 /* now we can break out */
 authctxt->success = 1;
+
+ /* chris-- record authenticated user. */
+ if (acct_user) free(acct_user);
+ if (authctxt->user) acct_user = strdup(authctxt->user);
 } else if (authenticated == 0) {
 char *methods = authmethods_get();
 packet_start(SSH2_MSG_USERAUTH_FAILURE);
diff -urN openssh-2.3.0p1-orig/channels.c openssh-2.3.0p1/channels.c
--- openssh-2.3.0p1-orig/channels.c Sat Oct 28 03:19:58 2000
+++ openssh-2.3.0p1/channels.c Sat Feb 17 20:03:21 2001
@@ -302,7 +302,8 @@
 }
 /* Free the channel and close its fd/socket. */
-
+/* chris-- accounting; we account individual channels. */
+void acct_report();
 void
 channel_free(int id)
 {
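Review bot: In `acct_report()` the `size_t` counters are passed to `log()` under `%lu`; wherever `size_t` is not `unsigned long` that is a format/argument mismatch, so cast them: `log("account: user:%s wrote:%lu read:%lu", acct_user, (unsigned long)total_written, (unsigned long)total_read);`. The counters also wrap silently at `SIZE_MAX`, which on a 32-bit build is 4 GiB between two reports, so a long transfer can be under-reported; a wider unsigned type would avoid that. Note too that the totals are only cleared when `acct_user` is set, so bytes counted before authentication are carried into the first line logged for the user; a comment on `acct_report()` should state that.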
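Review bot: `extern char *acct_user;` is declared by hand here, and the accounting functions are re-declared the same way in the channels.c, packet.c, session.c and sshd.c hunks, while account.c as shown includes no header that declares them. `void acct_report();` with empty parentheses is not a prototype in C, so nothing checks the callers against the definitions. A single new header (for example `account.h`) holding `void acct_reset(void);`, `void acct_add(size_t, size_t);`, `void acct_report(void);` and `extern char *acct_user;`, included from account.c and from every caller, would give one checked declaration.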
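Review bot: In the success branch of `userauth_reply`, the old `acct_user` is freed unconditionally but only replaced when `authctxt->user` is non-NULL, so in the case the guard allows for, the global is left pointing at freed memory; the next `acct_report()` would pass it to `log()` and a later success would free it again. Assign on every path, e.g. `acct_user = authctxt->user ? xstrdup(authctxt->user) : NULL;`. `strdup` can also return NULL, which silently switches accounting off for the session; the tree's `xstrdup` would fail loudly instead, and the same unchecked `strdup` appears in the `do_authenticated` hunk of session.c. The enclosing function starts and ends outside this hunk.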
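Review bot: The new comment says individual channels are accounted, but `acct_report()` takes no channel argument and account.c keeps two process-wide totals fed from packet.c, so the line logged when a channel is freed is the connection's traffic since the previous report, not that channel's. Anyone reading the log for per-channel or per-forwarding usage would be misled. Reword it to match the code, e.g. `/* chris-- accounting; log connection-wide byte counts each time a channel is freed. */`.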
@@ -325,6 +326,7 @@
 xfree(c->remote_name);
 c->remote_name = NULL;
 }
+ acct_report();
 }
 /*
diff -urN openssh-2.3.0p1-orig/log-server.c openssh-2.3.0p1/log-server.c
--- openssh-2.3.0p1-orig/log-server.c Sat Sep 16 02:29:09 2000
+++ openssh-2.3.0p1/log-server.c Sat Feb 17 13:26:10 2001
@@ -51,7 +51,8 @@
 static LogLevel log_level = SYSLOG_LEVEL_INFO;
 static int log_on_stderr = 0;
-static int log_facility = LOG_AUTH;
+/* chris-- direct ssh logging methods into /var/log/ssh, via LOCAL0. */
+static int log_facility = LOG_LOCAL0;
 /* Initialize the log.
 * av0 program name (should be argv[0])
diff -urN openssh-2.3.0p1-orig/packet.c openssh-2.3.0p1/packet.c
--- openssh-2.3.0p1-orig/packet.c Sat Oct 14 05:23:12 2000
+++ openssh-2.3.0p1/packet.c Sat Feb 17 13:57:54 2001
@@ -68,6 +68,9 @@
 #define DBG(x)
 #endif
+/* chris-- prototypes for accounting functions. */
+void acct_add(size_t, size_t);
+
 /*
 * This variable contains the file descriptors used for communicating with
 * the other side. connection_in is used for reading; connection_out for
@@ -1021,6 +1024,7 @@
 packet_process_incoming(const char *buf, unsigned int len)
 {
 buffer_append(&input, buf, len);
+ acct_add(len, 0);
 }
 /* Returns a character from the packet. */
@@ -1182,6 +1186,7 @@
 fatal("Write failed: %.100s", strerror(errno));
 }
 buffer_consume(&output, len);
+ acct_add(0, len);
 }
 }
diff -urN openssh-2.3.0p1-orig/session.c openssh-2.3.0p1/session.c
--- openssh-2.3.0p1-orig/session.c Sat Oct 28 03:19:58 2000
+++ openssh-2.3.0p1/session.c Sat Feb 17 20:07:41 2001
@@ -111,6 +111,9 @@
 int chanid;
 };
+/* chris-- accounting. */
+void acct_report();
+
 /* func */
 Session *session_new(void);
@@ -207,6 +210,10 @@
 * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
 * are requested, etc.
 */
+
+/* chris-- accounting. */
+extern char *acct_user;
+
 void
 do_authenticated(struct passwd * pw)
 {
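Review bot: Hard-coding `LOG_LOCAL0` as the default facility moves sshd's messages, authentication failures included, off the `auth` facility, so any syslog rule, forwarder or alert keyed on `auth.*` would stop seeing them on hosts running this build. The other hunks show the facility already arriving from configuration (`options.log_facility` passed to `log_init`), so setting `SyslogFacility LOCAL0` in sshd_config should give the same routing without changing the compiled-in default. If the default is kept, extend the comment to say that a matching syslog.conf entry for /var/log/ssh is required, since without one the messages may not be written anywhere the operator looks.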
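Review bot: `acct_add(len, 0)` in `packet_process_incoming` counts every byte appended to the input buffer, and `acct_add(0, len)` in the following write hunk counts every byte consumed from the output buffer, so the logged figures are transport bytes for the whole connection — presumably including key exchange, authentication and packet overhead — rather than user payload. Nothing in the patch says so, which matters if the numbers are used for quotas or anomaly detection. Document it where the function is declared, e.g. `/* chris-- accounting: counts raw bytes moved through the packet layer, not payload. */`.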
@@ -242,6 +249,10 @@
 s = session_new();
 s->pw = pw;
+ /* chris-- save username for accounting. */
+ if (acct_user) free(acct_user);
+ acct_user = strdup(pw->pw_name);
+
 #if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD)
 if ((lc = login_getclass(pw->pw_class)) == NULL) {
 error("unable to get login class");
@@ -488,6 +499,9 @@
 #endif /* USE_PAM */
 /* Fork the child. */
+
+ /* chris-- account all traffic used prior to fork. */
+ acct_report();
 if ((pid = fork()) == 0) {
 /* Child. Reinitialize the log since the pid has changed. */
 log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -601,6 +615,9 @@
 #endif /* USE_PAM */
 /* Fork the child. */
+ /* chris-- account all traffic used prior to fork. */
+ acct_report();
+
 if ((pid = fork()) == 0) {
 /* Child. Reinitialize the log because the pid has changed. */
 log_init(__progname, options.log_level, options.log_facility, log_stderr);
diff -urN openssh-2.3.0p1-orig/sshd.c openssh-2.3.0p1/sshd.c
--- openssh-2.3.0p1-orig/sshd.c Sat Oct 14 05:23:13 2000
+++ openssh-2.3.0p1/sshd.c Sat Feb 17 19:57:46 2001
@@ -79,6 +79,10 @@
 #define O_NOCTTY 0
 #endif
+/* chris-- prototypes for accounting functions. */
+void acct_reset();
+void acct_report();
+
 /* Server configuration options. */
 ServerOptions options;
@@ -962,6 +966,7 @@
 close_listen_socks();
 sock_in = newsock;
 sock_out = newsock;
+ log_init(av0, options.log_level, options.log_facility, log_stderr);
 break;
 }
@@ -991,6 +996,9 @@
 /* This is the child processing a new connection. */
+ /* chris-- start accounting. */
+ acct_reset();
+
 /*
 * Disable the key regeneration alarm. We will not regenerate the
 * key since we are no longer in a position to give it to anyone. We
@@ -1102,6 +1110,9 @@
 #endif /* USE_PAM */
 packet_close();
+
+ acct_report();
+
 exit(0);
 }
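Review bot: The added `log_init(av0, options.log_level, options.log_facility, log_stderr);` carries no comment and is the one change in this patch not marked `chris--`, so a reader cannot tell whether it belongs to the accounting work. It looks like the forked child re-initialising logging, as the session.c hunks do after `fork()` with the remark that the pid has changed; if that is the intent, say so, e.g. `/* chris-- reinitialise the log in the child, since the pid has changed. */`. The enclosing block starts and ends outside the hunk.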
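Review bot: The final `acct_report()` sits only on the normal path before `exit(0)`, so a connection that ends through `fatal()` — for instance the `Write failed` path visible in the packet.c hunk — would presumably leave without logging the bytes counted since the previous report. If these records feed quota enforcement or abuse monitoring, aborted sessions then go unrecorded. Consider also emitting the report from the fatal cleanup path (OpenSSH's `fatal_add_cleanup` list looks like the natural hook; confirm it is available in this tree). The enclosing function starts outside this hunk.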