How to Monitor Keyboard Keystrokes Using ‘LogKeys’ in Linux

Key Logging is the process of storing keystrokes with/without the knowledge of user. Keylogging can be hardware based as well as software based. As clear from the name, a hardware based keylogger does not depends upon any software and keystroke logging is done at hardware level itself. Whereas a software based keylogger depends upon a special software for keylogging.

There are number of keylogger software applications for almost all the platforms be it Windows, Mac, Linux. Here we are throwing light on an application package called Logkeys.

What is Logkeys?

Logkeys is a Linux keylogger. It is more updated than any other available keylogger, Moreover logkeys don’t crash the X server, and appears to work in all the situations. Logkeys creates a log of all characters and function keys. Moreover logkeys are aware of Alt and Shift and works well with serial as well as USB keyboards.

There are a lot of keyloggers available for Windows but this is not the case with Linux. Logkeys is not better than any other keylogger application for Linux but certainly it is more updated than other.

Installation of Logkeys in Linux

If you’ve ever installed a Linux tarball packages from source, then you can easily install logkeys package. If you haven’t ever installed a package in Linux from source yet, then you need to install some missing packages like C++ compilers and gcc libraries before proceeding for installation from source.

$ sudo apt-get install build-essential		[on Debian based systems]
# yum install gcc make gcc-c++			[on RedHat based systems]

Let’s proceed for the installation, first grab the latest logkeys source package using wget command or use git to clone it as shown:

-------------------- Download Source Package -------------------- 
$ wget
$ unzip  
$ cd logkeys-master/   


-------------------- Use Git to Clone -------------------- 
$ git clone
$ cd logkeys

Now build and install logkeys.

$ ./
$ cd build         
$ ../configure
$ make
$ sudo make install 

Now run the locale-gen.

$ sudo locale-­gen
Sample Output
Generating locales (this might take a while)...
  en_AG.UTF-8... done
  en_AU.UTF-8... done
  en_BW.UTF-8... done
  en_CA.UTF-8... done
  en_DK.UTF-8... done
  en_GB.UTF-8... done
  en_HK.UTF-8... done
  en_IE.UTF-8... done
  en_IN.UTF-8... done
  en_NG.UTF-8... done
  en_NZ.UTF-8... done
  en_PH.UTF-8... done
  en_SG.UTF-8... done
  en_US.UTF-8... done
  en_ZA.UTF-8... done
  en_ZM.UTF-8... done
  en_ZW.UTF-8... done
Generation complete.

Usages of logkeys

  1. logkeys ­s : Start logging keypress.
  2. logkeys ­k : Kill logkeys process.

For detailed information of logkeys usages option, you can always refer to.

# logkeys –help


# man logkeys

Starting the application logkeys using the following command.

$ sudo logkeys ­-s

Now running a lot of commands.

# ls
# pwd
# ss
# ifconfig

Terminate the process logkeys.

# logkeys -k

Check the log file which by default is ‘/var/log/logkeys.log‘.

# nano /var/log/logkeys.log
Keyboard Track in Linux
LogKey Logs

To uninstall logkeys, remove all scripts and manuals:

$ sudo make uninstall # in the same build dir

Future Developments Planned

  1. To add support for sending logs via email
  2. To add support for logging clipboard content
  3. To add support for mouse event/mouse click event


All the information provided is strictly for educational purpose, Tweaking this article by any means or using the above information to log others users machine is against law and punishable. That’s all for now. Don’t forget to provide us with your valuable feedback. Stay tuned, healthy and connected to Tecmint for more Linux and FOSS news.

Ravi Saive
I am an experienced GNU/Linux expert and a full-stack software developer with over a decade in the field of Linux and Open Source technologies

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.


Leave a Reply
  1. Hi, what if the remote terminal to which we have gained access does not have ‘su‘, ‘sudo‘, ‘apt‘ commands enabled? How then can we install your script?

  2. I’m not getting anything when entering sudo locale-gen. It just says Generating locales (this may take a while) then Generation complete.
    I’m running Kali 2 Distro

    • @Anthony,
      That means the command executed successfully, then you can use following command start logging keys:

      # logkeys ­s

      You can Kill logkeys process by typing:

      # logkeys ­k
  3. Nice =), so far for my system security this happens when you boot my system without it’s special usb key i made for it….. automatically connects to nearest hotspot, connects to tor, enables sshd on tor as hidden service, pings my terminal via tor, starts capturing the screen via /dev/fb0 and takes pictures via the webcam and uploads them via tor to my terminal, 4 times a minute…. so having this makes the security so much more…… so many many thanks for such a useful things…. cheers….. __A
    all thats missing now is package capture and mouse tracking….. bottom line, dont nick my laptop as i will be knocking on your door =)

  4. Nice and very helpful article. I have done all the steps as in the post and but my log file is empty. Your help is much appreciated .

  5. I tried installing logkeys in my vps Centos, but got the following error and could not find any solution :
    checking for /dev/input… no
    configure: error: Input event interface devices not found in expected location /dev/input/eventX !

    please assist

    • try making the file at the specified location /dev/input/eventx manually with root permission and try to execute once again. Let us know.

  6. I don’t understand the tutorial. I get all the way to the last part and that’s where it gets confusing. The log file does not represent what I typed. Even the picture that you have showing does not represent what YOU typed either. I don’t understand how to read the log file or what’s going on here?

    • You may write a script and make it start automatically at System Boot.

      Here is the Process Algo.

      1. Write Script
      2. sudo mv /script /etc/init.d/
      3. sudo chmod +x /etc/init.d/script
      4. sudo update-rc.d script defaults

      #Script should now start on boot.

      The script would be very simple, which will just trigger the command!
      Hope it Helps

  7. I appreciate your effort. The problem as I see it is that at the end of the day logkeys provides heaps of raw data in a hard-to-read format. Not directly useable. Aren’t there any tools that can be run against a logkeys log file that give some idea of what you did during the day… (not limited to e.g.) stuff like… total number of key presses… total number of times each key was pressed… for each key pressed.. what percentage of the total it accounts for.. times when you were actually typing.. typing speed… total time you actually typed… etc. ? these are just a few examples of stuff that comes to mind without giving it much thought… so there’s surely a lot more… Naturally it would be nice to have the possibility to graph all those stats… If such tools are not available the only purpose of the logkeys program would appear to let someone with administrator privileges snoop on whatever other users of the system are typing.


Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.