Keyloggers are useful when you want to record the keys pressed on your system. These utilities keep monitoring the keyboard device and log any key pressed. We will explore some keyloggers for Linux in this article.

1. logkeys

logkeys is the most well-known among Linux keyloggers and is available in the default repositories of many distros. The software is a bit old but still works (with best results for 105-key PC keyboards without Asian extensions). The logs are well formatted with timestamps.

To install on Ubuntu:

$ sudo apt-get install logkeys

To use logkeys, download the keymap closely matching your language and keyboard. I used en_GB.map.

Run logkeys as sudoer:

$ sudo logkeys -s -m en_GB.map -o ./keys // For US keymap $ sudo logkeys -s -u -o ./keys

logkeys options:

-s : start -m : specify keymap -o : log file path -u : use en_US keymap -d : device file -k : kill -? : help

You can start logkeys at system startup.

2. SKeylogger

Stands for Simple key logger. The utility is written in C and keeps reading the keyboard input device for new entries.

To install on Ubuntu:

$ git clone https://github.com/gsingh93/simple-key-logger $ cd simple-key-logger $ make

Run SKeylogger as root:

$ sudo ./skeylogger

The default log file is /var/log/skeylogger.log. SKeylogger supports few options:

-h : help -l : log file path -d : device file (/dev/input/eventX)

My own kernel module to log pressed keys in debugfs.