Keylogging, short for “keystroke logging” is the process of recording the keys struck on a keyboard, usually without the user’s knowledge.
Keyloggers can be implemented via hardware or software:
- Hardware keyloggers intercept data at the physical level (e.g., between the keyboard and computer).
- Software keyloggers, like LogKeys, capture keystrokes through the operating system.
This article explains how to use a popular open-source Linux keylogger called LogKeys for educational or testing purposes only. Unauthorized use of keyloggers to monitor someone else’s activity is unethical and illegal.
What is LogKeys?
LogKeys is an open-source keylogger for Linux that captures and logs keyboard input, including characters, function keys, and special keys. It is designed to work reliably across a wide range of Linux systems without crashing the X server.
LogKeys also correctly handles modifier keys like Alt
and Shift
, and is compatible with both USB and serial keyboards.
While there are numerous keylogger tools available for Windows, Linux has fewer well-supported options. Although LogKeys has not been actively maintained since 2019, it remains one of the more stable and functional keyloggers available for Linux as of today.
Installation of Logkeys in Linux
If you’ve previously installed Linux packages from a tarball (source), you should find installing the LogKeys package straightforward.
However, if you’ve never built a package from source before, you’ll need to install some required development tools first, such as C++ compilers and GCC libraries, before proceeding.
Installing Prerequisites
Before building LogKeys from source, ensure your system has the required development tools and libraries installed:
On Debian/Ubuntu:
sudo apt update sudo apt install build-essential autotools-dev autoconf kbd
On Fedora/CentOS/RHEL:
sudo dnf install automake make gcc-c++ kbd
On openSUSE:
sudo zypper install automake gcc-c++ kbd
On Arch Linux:
sudo pacman -S base-devel kbd
Installing LogKeys from Source
First, download the latest LogKeys source package using the wget command, then, extract the ZIP archive and navigate into the extracted directory:
wget https://github.com/kernc/logkeys/archive/master.zip unzip master.zip cd logkeys-master/
or clone the repository using Git, as shown below:
git clone https://github.com/kernc/logkeys.git cd logkeys
Next, run the following commands to build and install LogKeys:
./autogen.sh # Generate build configuration scripts mkdir build && cd build # Use a separate build directory ../configure # Configure the build make # Compile the source code sudo make install # Install binaries and man pages
If you encounter issues related to keyboard layout or character encoding, regenerate your locale settings:
sudo locale-gen
Usage of LogKeys in Linux
Once LogKeys is installed, you can begin using it to monitor and log keyboard input using the following commands.
Start Keylogging
This command starts the keylogging process, which must be run with superuser (root) privileges because it needs access to low-level input devices. Once started, LogKeys begins recording all keystrokes and saves them to the default log file: /var/log/logkeys.log
.
Note: You won’t see any output in the terminal; logging runs silently in the background.
sudo logkeys --start
Stop Keylogging
This command terminates the keylogging process that was started earlier, which is important to stop LogKeys when you’re done, both to conserve system resources and to ensure the log file is safely closed.
sudo logkeys --kill
Get Help / View Available Options
The follwing command will displays all available command-line options and flags you can use with LogKeys.
logkeys --help
Useful options include:
--start
: Start the logger--kill
: Stop the logger--output <file>
: Specify a custom log output file--no-func-keys
: Don’t log function keys (F1-F12
)--no-control-keys
: Skip control characters (e.g.,Ctrl+C
,Backspace
)
View the Logged Keystrokes
The cat command displays the contents of the default log file where LogKeys saves keystrokes.
sudo cat /var/log/logkeys.log
You can also open it with a text editor like nano or less
:
sudo nano /var/log/logkeys.log or sudo less /var/log/logkeys.log
Uninstall LogKeys in Linux
To remove LogKeys from your system and clean up the installed binaries, manuals, and scripts, use the following commands:
cd build sudo make uninstall
This will remove all files that were installed with make install, including the logkeys binary and man pages.
Conclusion
LogKeys is a powerful keylogger for Linux that enables users to monitor keystrokes in a variety of environments. Its compatibility with modern systems and ease of installation make it a valuable tool for security auditing, parental control testing, and educational research.
However, it’s crucial to emphasize that keylogging should only be used in ethical, lawful contexts—such as with explicit user consent or for personal system monitoring. Misuse can lead to serious legal consequences. Use responsibly and stay informed.
Hi, what if the remote terminal to which we have gained access does not have ‘su‘, ‘sudo‘, ‘apt‘ commands enabled? How then can we install your script?
Does this work only on the terminal — or also on websites and such?
Any insight on this issue —
https://github.com/kernc/logkeys/issues/163
all is good but in the log file i see gibrish. i dont know but it looks like yours. any idea how to fix it?
You’ll need to fix the character mapping as explained here https://github.com/kernc/logkeys/blob/master/docs/Keymaps.md
(I realize this is an old post but in case someone else comes across your question)
I’m not getting anything when entering sudo locale-gen. It just says Generating locales (this may take a while) then Generation complete.
I’m running Kali 2 Distro
@Anthony,
That means the command executed successfully, then you can use following command start logging keys:
You can Kill logkeys process by typing:
how to remove keylogger in cent os
@Amit,
If you’ve installed from source, just find and remove all files related to keylogger to complete remove it from system.
hai can u let me know how to install Monitor Keyboard Keystrokes Using ‘LogKeys’ in centos 6.6
@Venu,
The given instructions in this article, will also works on CentOS 6.6. Have you tried the steps? let me know..
Nice =), so far for my system security this happens when you boot my system without it’s special usb key i made for it….. automatically connects to nearest hotspot, connects to tor, enables sshd on tor as hidden service, pings my terminal via tor, starts capturing the screen via /dev/fb0 and takes pictures via the webcam and uploads them via tor to my terminal, 4 times a minute…. so having this makes the security so much more…… so many many thanks for such a useful things…. cheers….. __A
all thats missing now is package capture and mouse tracking….. bottom line, dont nick my laptop as i will be knocking on your door =)
Nice and very helpful article. I have done all the steps as in the post and but my log file is empty. Your help is much appreciated .
I tried installing logkeys in my vps Centos, but got the following error and could not find any solution :
===
checking for /dev/input… no
configure: error: Input event interface devices not found in expected location /dev/input/eventX !
===
please assist
try making the file at the specified location /dev/input/eventx manually with root permission and try to execute once again. Let us know.
I don’t understand the tutorial. I get all the way to the last part and that’s where it gets confusing. The log file does not represent what I typed. Even the picture that you have showing does not represent what YOU typed either. I don’t understand how to read the log file or what’s going on here?
Dear Henrx its the raw data which you can not use directly.
Thanks for the complete tutorial. It worked for me. But, how do we make the tracker automatically start everytime?
You may write a script and make it start automatically at System Boot.
Here is the Process Algo.
1. Write Script
2. sudo mv /script /etc/init.d/
3. sudo chmod +x /etc/init.d/script
4. sudo update-rc.d script defaults
#Script should now start on boot.
The script would be very simple, which will just trigger the command!
Hope it Helps
what is the script to auto start the keylogger
@Amit,
You mean auto start keylogger at system boot? if yes, then add the following command to /etc/rc.local file to auto start at system boot..
[root@localhost logkeys-0.1.1a]# locale-gen
bash: locale-gen: command not found
[root@localhost logkeys-0.1.1a]#
On which distro you’re trying?
Er… Chris Jones.. that was… no “T”… :-)
Sorry chris unable to understand you.
will you be more clear please!
I appreciate your effort. The problem as I see it is that at the end of the day logkeys provides heaps of raw data in a hard-to-read format. Not directly useable. Aren’t there any tools that can be run against a logkeys log file that give some idea of what you did during the day… (not limited to e.g.) stuff like… total number of key presses… total number of times each key was pressed… for each key pressed.. what percentage of the total it accounts for.. times when you were actually typing.. typing speed… total time you actually typed… etc. ? these are just a few examples of stuff that comes to mind without giving it much thought… so there’s surely a lot more… Naturally it would be nice to have the possibility to graph all those stats… If such tools are not available the only purpose of the logkeys program would appear to let someone with administrator privileges snoop on whatever other users of the system are typing.
hahaha
hello
please replace
../configure > ./configure
locale-gen > sudo locale-gen
logkeys s > sudo logkeys – s
Yeah! thanks for correcting, those were typos..:)