logkeys is a reliable GNU/Linux keylogger that captures all common keystrokes with awareness of Shift and AltGr modifiers, running as a covert daemon.
:memo: :keyboard: A GNU/Linux keylogger that works!
logkeys is primarily used for monitoring and logging keystrokes on Linux systems, useful for security researchers, penetration testers, or system administrators who need to detect unauthorized input or investigate user activity. It is designed to run stealthily as a daemon, capturing keyboard input without crashing the X environment or repeating keys unreliably.
Running logkeys requires root privileges or setuid root helper programs to access input devices. Proper locale settings (UTF-8) are critical for accurate character logging, especially with Shift and AltGr keys. Users should verify the correct input event device to avoid empty logs or errors. Use responsibly and ethically, as keyloggers can capture sensitive information.
Refer to the INSTALL file for detailed installation and build notes
Build the software according to instructions in INSTALL
Ensure you have root privileges to install setuid root helper programs
Test the program manually by creating a test log file
Run logkeys with appropriate device and locale settingslogkeys --start --output test.log
Starts the keylogger and outputs keystrokes to test.log
tail --follow test.log
Follows the log file in real-time to monitor captured keystrokes
logkeys --kill
Stops the running keylogger daemon
bin/llk
Starts the logkeys daemon quickly and covertly using setuid root helper
bin/llkk
Kills the logkeys daemon quickly and covertly using setuid root helper
logkeys --device /dev/input/eventX
Manually specifies the input event device to be used for keylogging
logkeys --export-keymap my_lang.keymap
Exports the current keymap for localization or troubleshooting