What logging tools/methods do you recommend for the system that you are attacking from?
Aside from, exporting the command history from all terminals, tcpdumps, piping STDOUT, etc. does anybody save syslog data?
I want to ensure that I am saving the relevant stuff, but not overdoing it.
You seem to have the basics covered. For due diligence, I script all terminal windows and also stamp them at the beginning with date/time and IP address. The logs are written to a log directory with a projectname-dtg so I can refer back to it. I run tcpdump and write that to the same directory as the logs, with the same projectname-dtg and with a .pcap extension.
Legally and for your own analysis, that should be sufficient.
If you do a lot of work via gui/web interface, you may want to use a keylogger as well, so that information is captured as well.