I used the free Weblog tool provided by Ron Fowler. After testing it I downloaded the source files and changed it to also create log files for users and workstations, as we don't have ColdFusion like Ron does. Since then we have caught 25 students logging in as other students and 5 logging in as staff. We know there's more out there and now we're just sitting back and waiting.
The zipped file which includes source and executable for weblog. There is a readme.txt file in the zip file which explains a little bit about how we run it, eg. command line arguments.
We have one complete log file with seperate user and workstation log files so if we know if a workstation has been corrupted/hacked we can have a look at the log file for that computer and see who the last person logged into it.