GreeenLog – Keylogger and Web Monitor for Linux

Update: GreeenLog now supports 64-bit Ubuntu

Why Use a Keylogger?

I was volunteering as a health insurance advisor when I first decided I wanted a keylogger. I reported client contacts via a web interface that would constantly timeout while I was typing. Upon clicking “Submit”, my data would become lost in cyberspace. When I remembered, I would copy the data to the clipboard first, but even then, if I accidentally hit Ctrl+C again instead of Ctrl+V to paste from the clipboard, all the data would still be lost. If only I could record everything that I typed, I would never have to worry about losing my data again.

There are several other reasons to have a personal keylogger. Install one on your home PC and tell your kids it’s there, just to keep them honest while they’re browsing the web. Help yourself remember where you found that really interesting web page yesterday. Retrieve the text from the document you prepared after it closed without saving. These are just a few examples. It can be very helpful. Yes, keyloggers catch passwords too. However, as long as you keep your PC safe from intrusion behind a firewall, the data in your keylogger database is as safe as your flatscreen TV.

Greeenlog

Greeenlog is my Keylogger for Linux. I have used an excellent C++ keylogger named logkeys and I have used pykeylogger, but Greeenlog is my favorite. Of course, I’m biased. You can decide for yourself. Here are the features:

Keylogger
My keylogger is written in pure python, does not use external modules, connects directly to the keyboard driver, and was heavily inspired by Micah Dowty’s evdev module. (Now updated to support 64-bit Ubuntu).
Web Monitor
Packet capture powered by libpcap via the pypcap module allows you to see every HTTP GET request sent from your computer over the active network interface. I have integrated a method I learned from R. Bhavesh to continuously check for the networking device actually in use, so no traffic is missed. To clear up the clutter captured by most packet sniffers, I developed custom filters to isolate (mostly) the specific requests you would see in the address bar of your browser.
Screenshots
Thanks to PyGTK, I was able to easily take a screenshot with each capture, and I used the Python Imaging Library to resize it and save it in the database.
Clipboard Text
Yes, I even catch periodic glimpses of the clipboard, again thanks to PyGTK.
Idle
Looking through a database full of empty data to find something useful is frustrating. Thanks to Jean Schurger, I’ve integrated a method to check the idle time in X. Nothing will be logged when the computer is idle.
SQLite Database
Data collected by Greeenlog is stored in a SQLite database, rather than a text file as other Linux keyloggers tend to do. You can then read the data with my custom viewer, as demonstrated below.
Information Assurance
Before storage in the database, a Hash-based Message Authentication Code (HMAC) is computed over the collected data using the SHA1 hash function and stored with the data. When you view the data in my custom viewer, the HMAC is re-calculated and compared to the original to ensure the data has not been altered. You will be alerted if someone tech-savvy has deleted information from the database to cover their tracks. For the same reasons, I also record system uptime and compare it side-by-side with keylogger uptime (that’s the time, in seconds, the system/program has been running). If the times don’t match, you know someone killed Greeenlog and then restarted it later.
Graphical User Interface
My custom database viewer is built with wxPython, as is the control dialog that appears when you press the secret key combination (Right ALT + Right CTRL + g). You can use the control dialog to kill the application, change settings, or change your password. The control dialog is password protected, and I used HMAC for password authentication, so the password does not need to be stored anywhere on your file system.
Archive Management
Database files are automatically named by date and stored in the Archive. Old files are automatically deleted from the archive. The database for one day is only about 5.3 MB, even after taking a screenshot every 10 minutes.
GreeenLog Screenshot
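
The integrity check described under Information Assurance, carried one step further in an added example (not GreeenLog's own code, whose schema and key handling this post does not show): a tag computed over each row alone cannot reveal a deleted row, so the example also chains every tag to the one before it. The table layout, function names, PBKDF2 key derivation and sample rows are assumptions of this example.

```python
import hashlib
import hmac
import sqlite3

GENESIS = b"\x00" * 20  # chain start value; an assumption of this example


def derive_key(password, salt):
    """Derive the MAC key from the viewer password so no key sits on disk."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def mac(key, *parts):
    """HMAC-SHA1 (the hash the post names) over length-prefixed parts."""
    h = hmac.new(key, digestmod=hashlib.sha1)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def open_log(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS log ("
        " seq INTEGER PRIMARY KEY,"
        " payload BLOB NOT NULL,"
        " row_tag BLOB NOT NULL,"    # HMAC(key, payload) only
        " chain_tag BLOB NOT NULL)"  # HMAC(key, previous chain_tag, seq, payload)
    )
    return db


def append(db, key, payload):
    """Store one record with both a per-row tag and a chained tag."""
    last = db.execute(
        "SELECT seq, chain_tag FROM log ORDER BY seq DESC LIMIT 1").fetchone()
    seq, prev = (last[0] + 1, last[1]) if last else (1, GENESIS)
    db.execute(
        "INSERT INTO log VALUES (?, ?, ?, ?)",
        (seq, payload, mac(key, payload),
         mac(key, prev, seq.to_bytes(8, "big"), payload)))
    db.commit()
    return seq


def verify_rows(db, key):
    """Check each row in isolation; returns the seq numbers that fail."""
    rows = db.execute("SELECT seq, payload, row_tag FROM log ORDER BY seq")
    return [seq for seq, payload, tag in rows
            if not hmac.compare_digest(tag, mac(key, payload))]


def verify_chain(db, key):
    """Walk the chain; returns (seq, problem) findings, empty when intact."""
    findings, prev, expected = [], GENESIS, 1
    rows = db.execute("SELECT seq, payload, chain_tag FROM log ORDER BY seq")
    for seq, payload, tag in rows:
        if seq != expected:
            findings.append((expected, "gap before seq %d" % seq))
        want = mac(key, prev, seq.to_bytes(8, "big"), payload)
        if not hmac.compare_digest(tag, want):
            findings.append((seq, "HMAC mismatch"))
        prev, expected = tag, seq + 1
    return findings


def demo():
    """Delete one constructed record and compare what each check reports."""
    key = derive_key("constructed-password", b"constructed-salt")
    db = open_log()
    for text in (b"09:00 keys", b"09:10 keys", b"09:20 keys", b"09:30 keys"):
        append(db, key, text)
    intact = verify_chain(db, key)
    db.execute("DELETE FROM log WHERE seq = 2")
    return intact, verify_rows(db, key), verify_chain(db, key)


if __name__ == "__main__":
    print(demo())
```

Rows deleted from the end of the table still verify cleanly; catching that needs the latest chain_tag or a row count kept somewhere the person editing the database cannot write.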

Weaknesses

There are several things I would improve about this application if I had more time to spend on it. The GUI is as simple as they get, for one thing. I would like to add some features to the viewer. Also, there are not nearly enough options. The only thing the user can change at this point is the logging interval. I’d also like to work on security a little more. I’ve actually written encryption methods for the database files (included in the utils.py file), but I haven’t implemented them yet.

Requirements

I developed Greeenlog to run on Ubuntu Linux, but it will probably run on any Linux distribution that uses the GNOME Display Manager. I guarantee it will not run on Windows. You will also need to have the following software installed:

Python
The whole application is written in Python. I specify version 2.6 at the top of all my files, but they would all probably run fine on an earlier version. This is installed by default on Ubuntu.
pypcap
Python extension module for libpcap. Get it on Ubuntu with sudo apt-get install python-pypcap.
PyGTK
Graphical User Interface module I use to interface with GNOME. Get it on Ubuntu with sudo apt-get install python-gtk2.
wxPython
Python binding for the wxWidgets GUI toolkit. If it isn’t already installed on your version of Ubuntu, you can get it with sudo apt-get install python-wxgtk2.8.
Python Imaging Library (PIL)
Image processing for Python. If you don’t have this installed already, get it in Ubuntu with sudo apt-get install python-imaging.

Download and Installation

Disclaimer: Greeenlog is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. That being said, I might be a bit of an amateur in some ways, but I am not a hacker. The software I’ve uploaded does not contain malware, and the program will not attempt to leak your personal information.

If you choose to try this, all you have to do is download greeenlog-0.6.1.tgz using the button below, extract it, and run the file called main.pyw. Assuming you’ve met all the dependencies above, it should run perfectly. Just make sure you run it with elevated privileges (sudo), because you can’t run a packet sniffer / keylogger without elevated privileges. You won’t see anything until you use the top secret key combination (Right ALT + Right CTRL + g). Also, nothing will be logged for about 10 minutes, so the logviewer won’t really have anything to display for the first 10 minutes. Be patient. If the program runs from the terminal without any errors, then you’re in business.

If you want more detailed instructions, download greeenlog using the link above, save it to your Desktop, and follow along (keeping in mind to replace X with the appropriate version number):

Open a terminal and run:

~$ cd Desktop
~/Desktop$ tar zxvf ./greeenlog-0.X.X.tar.gz
./greeenlog-0.X.X/
./greeenlog-0.X.X/keylog.ico
./greeenlog-0.X.X/african.ttf
./greeenlog-0.X.X/keylog.py
./greeenlog-0.X.X/controls.py
./greeenlog-0.X.X/GNU_GPL_3_license.txt
./greeenlog-0.X.X/utils.py
./greeenlog-0.X.X/logviewer.pyw
./greeenlog-0.X.X/main.pyw
./greeenlog-0.X.X/logger.py
~/Desktop$ sudo ./greeenlog-0.X.X/main.pyw

At this point, the program should be running. If you see errors instead, ensure you have all the dependencies installed. If the program is running correctly, you’ll be able to open the control dialog with the key combination (Right ALT + Right CTRL + g). If it doesn’t work, sorry. Troubleshoot it if you can. If it does work, you might want to store it in a better location and set it up to start at login. Here’s where I keep it:

~/Desktop$ sudo mkdir /usr/local/greeenlog
~/Desktop$ sudo mv ./greeenlog-0.X.X/* /usr/local/greeenlog/

Note: If you’ve previously installed an earlier version of GreeenLog, you must delete all the files from the previous version before re-installing in the same directory!

Now, to make it run at login is a bit tricky, because it needs to run with elevated privileges, which usually requires that you enter your password. I have outlined a workaround for this problem on this page: Run Application as Root at Startup. Just follow the directions and you’ll be ready to log!

About GreeenGuru

Computer Enthusiast

49 Responses to GreeenLog – Keylogger and Web Monitor for Linux

  1. Melanie says:

    thanks for a great keylogger!

  2. john says:

    Hi, great work! I use Ubuntu Lucid 64bit and this is so far the only of the early mentioned keyloggers that works. I have one question though, it does not log the keyboard – is it maybe because it’s a USB keyboard?

  3. GreeenGuru says:

    It’s nice to know my keylogger is working for someone else. I’m disappointed to hear it’s not logging keystrokes though. It very well could be because my method for finding your keyboard device driver wasn’t effective for a USB keyboard. It should work if you add the driver manually. Try looking up your keyboard device driver from the terminal with this:


    sudo cat /var/log/Xorg.0.log | grep /dev/input/event | egrep -i 'keyboard|kbd'

    You should see which device driver is used for your keyboard. It should be /dev/input/event5 or something similar with a different number. If this was effective, then you can modify my program to default to your specific device driver. I’m not sure where you put the program, but if you have placed it in /usr/local/greeenlog as I have, then you can open the file that needs editing from the terminal with: sudo gedit /usr/local/greeenlog/utils.py. Regardless, open the file called utils.py and look on line 119. You should see something like this:

        if found_device == True:
            return device
        else:
            return None
    

    Modify that last line and change it from return None to return "/dev/input/event5" (substitute with your specific device driver number of course). Then save the file and exit. Make sure you have quit the keylogger then restart it. You can run it from the terminal with sudo /usr/local/greeenlog/main.pyw (substitute with the location you chose) so that any error messages will be displayed. Hopefully, after 10 minutes or whatever you set the logging interval to, you will now have keystrokes captured. If you do, please let me know! If not, please let me know that too and any error messages you received. Thanks for the feedback and good luck.

  4. Hanzzz says:

    Hi, it works perfect for me. Thanks!
    Just one question: are there any other sources that can confirm this application is not ‘evil’?

  5. GreeenGuru says:

    Hanzzz, I’m happy to hear that this works for you. If you ask most Linux users, they will probably tell you that any keylogger is ‘evil’. If you mean to ask if this program contains any unadvertised malware, then unfortunately the answer is no, right now there are no other sources I can give you to confirm GreeenLog is free of malware. However, when you download this program you’re also downloading the source code. Any Python programmer can look at this (well-commented) code and confirm that it is not doing anything besides what it is advertised to do. GreeenLog is still very ‘alpha’, meaning it is untested. Being a new, hobbyist programmer, I am hesitant to post this untested software somewhere more open to scrutiny than my blog. Later, when it is more robust, I might post it as an open source project that folks would be more comfortable downloading. I understand your discomfort with running keylogging software (as root) without some confirmation that it’s not stealing your personal information. All I can tell you in response is that I wrote this program for my own personal use, and I actually run the current version of GreeenLog at all times on my own computer. I have no interest in allowing that personal information to be sent anywhere other than the database on your machine.

    A firewall such as Firestarter could be used to confirm my application does not send ANY information anywhere outside your computer.

  6. Brian says:

    Hi,

    Is there any way I can extract the screen grabs from the database file?

    Key logger works great! I’m using Ubuntu 10.10.

  7. GreeenGuru says:

    Brian,

    I’m glad to hear it’s working well for you. The answer to your question is no, not without writing a script to do so. Currently, the only way to view the images is via the GreeenLog viewer. Perhaps I should add that feature, though. Did you have something specific in mind for the images?

  8. Christina says:

    Great software! This is exactly what I was looking for! I was wondering if there would be a way to read the log files from another computer on a private network (via a shared folder) so I can keep tabs on them without having to log in to each one? All of the PCs are running 32-bit Ubuntu 10.10.

  9. GreeenGuru says:

    Christina,

    I’m glad you like the logger. I’m slowly re-creating it in C++ instead of Python, so I’ll keep your request in mind for the new version. In the meantime, I think a cron job might meet your needs. It is a scheduled task that Linux will implement at whatever frequency you desire. In this case, you could run a cron job to synchronize the default greeenlog folder with your shared folder (using rsync for intelligent and speedy synchronizing instead of re-copying each time).

    First, write a script to sync your shared folder to the default greeenlog directory:

    #!/bin/bash
    sudo rsync -a --delete /usr/local/greeenlog /path/to/shared-folder

    Don’t forget to add an extra blank line at the end of the file (this ensures there is a newline at the end of the command, or it won’t process). Let’s save this as /usr/local/greeenlog/copy.sh. Next, do sudo crontab -e, if you’re asked which text editor to use, choose nano because it’s easier (nerds use vi). Nano will open a temporary file used to create the cron job. It’s full of comments, which won’t affect anything, read them if it’ll help you. Either delete all the comments in the file or just go to the bottom and enter the following:

    30 * * * * sh /usr/local/greeenlog/copy.sh

    The 30 is for 30 minutes, so change the number of minutes to suit your needs. Again, make sure you add a blank line following your entry to ensure it’s processed. Press Control + x to exit, enter y when asked if you want to save, and it’s ok to agree to save the file as whatever it defaults to. That’s it! Ensure your cronjob is running by doing sudo crontab -l. You can delete your cron job with sudo crontab -r.

  10. diecavallax says:

    on my ubuntu 10.1o kernel 2.6.35-24-generic

    on run into terminal sudo ./main.pyw
    show this : sudo: unable to execute ./main.pyw: Permission denied

    on run: ./main.pyw
    show this:
    OSError: [Errno 13] Permission denied: ‘/dev/input/event2′ keyboard

    help me

  11. GreeenGuru says:

    diecavallax,

    I think all you might need to do is: sudo python ./main.pyw (assuming you’ve already navigated to the location of main.pyw, wherever you decided to save it). In order to run the program the way I described in the tutorial, you need to make the file executable with sudo chmod +x ./main.pyw, which I failed to mention above. Let me know how that works for you, and I’ll update the tutorial based on your results.

    If you’re still having problems, please make sure you installed all the requirements (listed above), and if that doesn’t work, just let me know what errors you’re getting.

  12. diecavallax says:

    After reboot system.

    on execute sudo python ./main.pyw in terminal
    show this error: OSError: [Errno 13] Permissão negada (Permission denied)

    and before press Ctrl(right)+alt(right) +g the screen show but click on “OPEN LOG VIEWER AND KEEP LOGGING” on terminal show this:

    Traceback (most recent call last):
      File "/media/Arquivos/linux/ubuntu/keylogger/greeenlog/controls.py", line 227, in button_panel_handler
        subprocess.Popen(os.path.join(self.dir_path, 'logviewer.pyw'))
      File "/usr/lib/python2.6/subprocess.py", line 623, in __init__
        errread, errwrite)
      File "/usr/lib/python2.6/subprocess.py", line 1141, in _execute_child
        raise child_exception
    OSError: [Errno 13] Permissão negada (Permission denied)

    but I can set password or edit, close window and exit program on buttons without errors.

  13. Aurora says:

    Hi, I’m trying to get your program to run. (I am a complete Linux newcomer, and this program will fill the last hole left in my move from windows). I am using Ubuntu 11.04, kernel 2.6.35-24-generic. I have double-checked that the requirements are installed. Followed your tutorial (with changes for the name of the archive) to the end, at which point I get a blinking cursor in terminal and it just stays there. The key combination gives me ^[^G in the terminal followed by the blinking cursor. When I close the terminal window I get: “There is still a process running in this terminal. Closing the terminal will kill it.”

  14. GreeenGuru says:

    Aurora,

    Everything you described was normal Ubuntu behavior except for the fact that GreeenLog didn’t open when you used the key combination. Were you holding all three keys at the same time and using the RIGHT Control, RIGHT Alt, and g? From what you described, GreeenLog was running and did not give you any errors, so it’s also possible that it simply wasn’t reading your keystrokes, as was the case for John (second commenter). One thing you can try is to run GreeenLog as you described, then open a new terminal and navigate to whatever folder you extracted GreeenLog to. Inside you should see a file called logviewer.pyw. You can run it with python ./logviewer.pyw. This is the program that is supposed to open when you use the key combination. Take a look at it and see if GreeenLog is capturing anything at all. Let me know if it really is the case that GreeenLog is working but not logging keystrokes.

  15. GreeenGuru says:

    diecavallax,

    It seems that you’re getting those errors because you don’t have permission to run the logviewer from the location you saved it. Try extracting the GreeenLog archive to your Desktop and running it from there. If it still doesn’t work then there’s something else going on.

    Sorry for the delayed response, I apparently wasn’t paying close attention to my email.

  16. Aurora says:

    There is no greeenlog.pyw file, but there is a logviewer.pyw file that does run. Greeenlog is running, because there are screenshots from the last 3 days, but no keystrokes recorded. I changed return None to return "/dev/input/event2" and now get this when I press Right alt:
    Traceback (most recent call last):
      File "./main.pyw", line 244, in <module>
        keylogger.start()
      File "./main.pyw", line 113, in start
        self.pcap_object = pcap.pcap(name=self.device, snaplen=2363)
      File "pcap.pyx", line 206, in pcap.pcap.__init__
    OSError: /dev/input/event2: No such device exists (SIOCGIFHWADDR: No such device)

  17. Aurora says:

    When I look through the screenshots from the previous days there is :❰Message: Greeenlog reading from keybord driver: /dev/input/event2❱ in the keys pressed window, but no other info there. clipboard text and web history are working.

  18. GreeenGuru says:

    Aurora,

    You were right, I meant logviewer.pyw not greeenlog.pyw in my response above, so I’ve updated the comment. That message you see in your keystrokes log is meant for debugging problems just like yours, and it tells me that GreeenLog thinks /dev/input/event2 is your keyboard. My method for finding the keyboard device driver isn’t perfect, but I haven’t found a better way. It’s especially problematic when there are two possible keyboards to read from. The best way to determine what is going on here is to look at the output from this command:

    sudo cat /var/log/Xorg.0.log | grep /dev/input/event

    This will show us the X server logs, but only the ones that deal with adding devices. We only care about keyboards, but I think the whole list will be more helpful. The way my program looks for your keyboard is with this:

    grep Name /proc/bus/input/devices | grep -nE ‘[Kk]eyboard|kbd|Logitech USB Receiver’

    The output of the command above, if it finds anything, will look something like this (this is from my own machine):

    4:N: Name="AT Translated Set 2 keyboard"

    Except in your case, the first character will probably be 3 (one-indexed), since that’s where GreeenLog thinks your keyboard is – /dev/input/event2 (zero-indexed)

    Anyway, post the X server output and the output from the command above and we can figure out what the problem is. If we can correctly identify which keyboard we should be reading from, we can change keylog.py on line 225 to match the appropriate driver (e.g. return "/dev/input/event6" or whatever). This would be just a quick fix, since the next time you reboot, if you’ve added or removed any devices, the number may change.

    If we can figure this out, I’ll also improve my function to prevent this problem for other users.

    IMPORTANT: It looks like you made changes to utils.py based on one of my previous posts. You need to undo your changes, because that deals with the network device and seems to be the cause of your new error. I’ll leave the comment in place for now so you can see what it’s supposed to look like, but after that I’ll be removing it. Apparently, I wasn’t paying close attention when I gave out that advice.
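
A defender-side check on the same interfaces this thread discusses, as an added example that is not part of GreeenLog or of any comment here: it takes the event node from each device's `H: Handlers=` line in /proc/bus/input/devices rather than from the device's position in the list, then reports which processes hold a keyboard node open. The sample device list, the EV-bit keyboard heuristic and the function names are assumptions of this example.

```python
import os
import re

# Constructed sample in the format of /proc/bus/input/devices (not from the post).
SAMPLE_DEVICES = """\
I: Bus=0019 Vendor=0000 Product=0001 Version=0000
N: Name="Power Button"
H: Handlers=kbd event0
B: EV=3

I: Bus=0011 Vendor=0001 Product=0001 Version=ab41
N: Name="AT Translated Set 2 keyboard"
H: Handlers=sysrq kbd event5
B: EV=120013

I: Bus=0003 Vendor=046d Product=c05a Version=0111
N: Name="Logitech USB Optical Mouse"
H: Handlers=mouse0 event3
B: EV=17
"""

EV_KEY, EV_REP = 1, 20  # event-type bit positions from linux/input-event-codes.h


def parse_input_devices(text):
    """Map '/dev/input/eventN' -> (name, looks_like_keyboard) via the H: line."""
    nodes = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        name = re.search(r'^N: Name="(.*)"', block, re.M)
        handlers = re.search(r"^H: Handlers=(.*)$", block, re.M)
        ev = re.search(r"^B: EV=([0-9a-fA-F]+)", block, re.M)
        if not (name and handlers):
            continue
        mask = int(ev.group(1), 16) if ev else 0
        # Heuristic (assumption): keyboards report key events and autorepeat.
        is_kbd = bool(mask >> EV_KEY & 1) and bool(mask >> EV_REP & 1)
        for handler in handlers.group(1).split():
            if re.fullmatch(r"event\d+", handler):
                nodes["/dev/input/" + handler] = (name.group(1), is_kbd)
    return nodes


def input_readers(proc_root="/proc"):
    """Return {pid: sorted event nodes} for processes holding input nodes open."""
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or its fd directory is not readable
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if re.fullmatch(r"/dev/input/event\d+", target):
                found.setdefault(int(pid), set()).add(target)
    return {pid: sorted(nodes) for pid, nodes in found.items()}


def keyboard_readers(devices_text, proc_root="/proc"):
    """List (pid, node, device name) for every open handle on a keyboard node."""
    nodes = parse_input_devices(devices_text)
    return sorted((pid, node, nodes[node][0])
                  for pid, opened in input_readers(proc_root).items()
                  for node in opened
                  if node in nodes and nodes[node][1])


if __name__ == "__main__":
    with open("/proc/bus/input/devices") as fh:
        for pid, node, name in keyboard_readers(fh.read()):
            print("pid %d has %s open (%s)" % (pid, node, name))
```

Run it as root so every process's fd directory is readable; the display server normally appears in the list, so the finding is any reader you cannot account for.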

  19. Aurora says:

    I removed the greeenlog folder and extracted the archive again to make sure the files have no changes.

    dad@dad-M68M-S2P:~$ sudo cat /var/log/Xorg.0.log | grep /dev/input/event
    [sudo] password for dad:
    [ 18.047] (II) config/udev: Adding input device Power Button (/dev/input/event1)
    [ 18.048] (**) Power Button: Device: "/dev/input/event1"
    [ 18.083] (II) config/udev: Adding input device Power Button (/dev/input/event0)
    [ 18.083] (**) Power Button: Device: "/dev/input/event0"
    [ 18.162] (II) config/udev: Adding input device ov519 (/dev/input/event4)
    [ 18.162] (**) ov519: Device: "/dev/input/event4"
    [ 18.242] (II) config/udev: Adding input device Logitech USB Optical Mouse (/dev/input/event3)
    [ 18.242] (**) Logitech USB Optical Mouse: Device: "/dev/input/event3"
    [ 18.304] (II) config/udev: Adding input device AT Translated Set 2 keyboard (/dev/input/event2)
    [ 18.304] (**) AT Translated Set 2 keyboard: Device: "/dev/input/event2"
    dad@dad-M68M-S2P:~$ grep Name /proc/bus/input/devices | grep -nE ‘[Kk]eyboard|kbd|Logitech USB Receiver’
    No command ‘kbd’ found, did you mean:
    Command ‘dbd’ from package ‘netatalk’ (universe)
    Command ‘rbd’ from package ‘ceph’ (universe)
    Command ‘sbd’ from package ‘cluster-glue’ (universe)
    Command ‘kid’ from package ‘python-kid’ (universe)
    Command ‘k3d’ from package ‘k3d’ (universe)
    kbd: command not found
    Logitech: command not found
    dad@dad-M68M-S2P:~$

  20. GreeenGuru says:

    Aurora,

    It looks like you cut and pasted that last command complete with this blog’s fancy apostrophes. You need to replace the apostrophes with real ones. Or maybe I could just use the right html code that you can cut and paste:

    grep Name /proc/bus/input/devices | grep -nE '[Kk]eyboard|kbd|Logitech USB Receiver'

    I expect you’ll see the following, based on what you showed me from the X server output:

    3:N: Name="AT Translated Set 2 keyboard"

    But if you do, I truly don’t understand what the problem is because that means GreeenLog is finding the right keyboard device and should be capturing keystrokes. I have the exact same device and it is working perfectly for me. How is your keyboard wired? (USB? / PS/2? / laptop?)

    If you’re willing to try, I’d like to take GreeenLog out of the picture entirely and see how your system runs the most stripped-down version of my keylogger possible. It’s entirely console based and simply writes keystrokes to a text file. The instructions are simple:

    Save the keylog.py to your Desktop (Right click on the link → Save Link As…) and open a terminal:

    cd Desktop
    sudo python keylog.py

    Now the program is running. You could simply open the file it creates on your Desktop called keylog_output.txt, but since your keystrokes should be written to this file continuously, it’s easier to see the updates if you open a second terminal window (leave the first one running) and run this command:

    tail -f ~/Desktop/keylog_output.txt

    Try typing some keys (I like to use a blank text file to type in). You should not have to wait for feedback, the keystrokes should appear within a second or two of being pressed. This time, even if you are not able to see your keystrokes, you should see the device my program is reading from along with any other keyboards available. If you don’t see your keystrokes, then we know there is something fundamentally wrong with the keylogger and I’ll have to go back to the drawing board. If this works properly, then there is something else going on in GreeenLog and it might be a much easier fix. When you’re done, you can just delete keylog.py and the text file it creates on your Desktop (keylog_output.txt) and there will be no other residuals left on your system. It’s a very basic Python script.

  21. Aurora says:

    Yes, grep Name /proc/bus/input/devices | grep -nE ‘[Kk]eyboard|kbd|Logitech USB Receiver’ returns 3:N: Name=”AT Translated Set 2 keyboard”
    It is a hp internet keyboard, ps2. I also tried a standard ps2 101 keyboard, same response, and a usb multimedia keyboard, no response. sudo python keylog.py shows … Listening on device: /dev/input/event2 with the ps2 keyboards but doesn’t show any keys typed, the usb keyboard gets
    Traceback (most recent call last):
      File "keylog.py", line 43, in <module>
        keyboard_driver = '/dev/input/event' + kbd_list[0]
    IndexError: list index out of range
    when I try to run keylog.py with it.

  22. GreeenGuru says:

    Aurora,

    Thanks for trying that for me. Obviously, there is something wrong fundamentally with the keylogger. It’s listening to the right device (except with the USB keyboard) but it simply doesn’t log keys. Perhaps this has something to do with Ubuntu 11.04 (I’ve only tried it up to 10.10).

    I plan to re-implement the whole application in C++ when I have some more time, but I need to polish my C++ skills first. I plan to tap into GNOME to read keystrokes instead of reading directly from the hardware, since this apparently doesn’t work well on all machines.

    Thanks for the help, and I’ll let you know if I find a solution for you.

  23. Christina says:

    I just installed this for my sister on one of her laptops, which is running Lucid. The key logger is working great, but the screenshot images all show up in black and white and skewed (leaning 45 degrees to the left, with the lower right-hand part of the screen wrapped around to show at the lower left – like a tv with awful reception). She has Intel Mobile 4 graphics and the driver in use is i915. Any ideas as to where I should look for the problem?

  24. GreeenGuru says:

    Christina,

    That’s the strangest bug I’ve heard about so far, and I don’t know what’s wrong. I’ve written a short python script to test the basic functionality of the gtk and PIL modules I’m using. You can download it from here. All it does is take a screenshot and open it. If the image is all screwed up, then there’s a problem with those modules. Otherwise, my application is somehow distorting the images. I’m curious to know which it is. Save this script (called screenshot.py) wherever you want, then open the terminal and navigate to the directory you saved it in. Just do python screenshot.py (no sudo required). Don’t worry, it’s not malicious code. Check it out yourself with gedit first if you want to be sure, the code is easy to read.

  25. Christina says:

    I just ran screenshot.py and the screenshot it opened is indeed warped.

  26. GreeenGuru says:

    Christina,

    Sorry for the late response, I apparently missed the email notification that you posted here. I’m actually relieved to hear the image is warped when you run that script, because that means it’s not my fault :) It’s most likely a bug in pyGTK (a Python module I used in my program), and it’s also specific to your sister’s system since I haven’t noticed or heard about it before. I might be able to figure out the problem, but I’m going to need more information. Open a terminal and run python (just type python), then do this:

    >>> import platform
    >>> platform.platform()
    'Linux-2.6.35-28-generic-x86_64-with-Ubuntu-10.10-maverick'
    >>> import sys
    >>> sys.version
    '2.6.6 (r266:84292, Sep 15 2010, 16:22:56) \n[GCC 4.4.5]'
    >>> import Image
    >>> Image.VERSION
    '1.1.7'
    >>> import gtk
    >>> gtk.gtk_version
    (2, 22, 0)
    
  27. GreeenGuru says:

    @ Aurora and john,

    I’ve finally figured out why Greeenlog wasn’t logging keystrokes for you guys, and I’ve updated Greeenlog to fix the problem! Download it again and you’ll get version 0.5, which now supports 64-bit Ubuntu (which apparently is set up to send 24-bit packets from the keyboard instead of 16-bit). Sorry it took me so long, but I didn’t figure it out until I had 64-bit Ubuntu myself and was able to troubleshoot. Enjoy!

  28. Christina says:

    Here’s the output from that:

    >>> import platform
    >>> platform.platform()
    'Linux-2.6.32-31-generic-pae-i686-with-Ubuntu-10.04-lucid'
    >>> import sys
    >>> sys.version
    '2.6.5 (r265:79063, Apr 16 2010, 13:09:56) \n[GCC 4.4.3]'
    >>> import Image
    >>> Image.VERSION
    '1.1.7'
    >>> import gtk
    >>> gtk.gtk_version
    (2, 20, 1)

  29. GreeenGuru says:

    Christina,

    Well, I couldn’t identify any obvious problems, so I just tried a re-write of the sample script using slight variations of the same methods. I did notice that the screenshots can easily become distorted if you pass the wrong arguments to these methods, so this might do the trick. Try screenshot_v2.py the same way you tried the first version. By the way, thanks for your feedback and patience! If this works, I’ll update Greeenlog to use this technique for screenshots.

  30. Christina says:

    Thank you for investing so much time into this! Version 2 did come back with a perfect image. :)

  31. GreeenGuru says:

    Christina,

    I’ve incorporated that method into greeenlog-0.60, along with the ability to add your own URL filters. I hope this works for you. Just make sure that you remove your old database files and settings files before you install the new version (will cause some very strange errors otherwise).

    First, make sure you kill greeenlog. If you run it the way I recommend, this isn’t so easy, so follow along. First do this: ps -Af | grep greeenlog and you should see a couple results. The line you’re looking for looks like this: root 1783 1693 0 07:34 ? 00:00:04 python2.6 /usr/local/greeenlog/main.pyw. You know it’s the right line because the path is correct. The first number you see after root is the process ID. Now just kill it with sudo kill 1783 (substituting 1783 with whatever your process ID was).

    Since the database is actually a hidden file (prefixed with a period), nautilus and ls will not actually display it by default, so I recommend you just delete the entire old greeenlog directory with sudo rm -rf /usr/local/greeenlog (replace that with whatever path you actually used for your greeenlog installation) and reinstall as per my original instructions in the post. That way, you can be sure it’s a clean install and you shouldn’t have any trouble. If you followed my instructions on how to run GreeenLog as root at startup, you won’t have to re-do any of that as long as you re-install into the exact same directory as you did originally.

  32. Christina says:

    It’s working perfectly! Thanks so much!

  33. GreeenGuru says:

    Christina,

    I’m glad it’s working for you. Please excuse my super complicated way to kill GreeenLog. In hindsight, it’s much easier to simply exit from the GUI and it does the same thing (as long as you have the password). Oh well :)

  34. Silas says:

    Could you help me fix it?


    Traceback (most recent call last):
      File "./greeenlog/main.pyw", line 281, in <module>
        keylogger = Keylogger()
      File "./greeenlog/main.pyw", line 80, in __init__
        self.logger = logger.Logger(self.queue)
      File "/home/splhead/Downloads/greeenlog/logger.py", line 53, in __init__
        self.sys_last_shutdown = self.get_last_shutdown()
      File "/home/splhead/Downloads/greeenlog/logger.py", line 211, in get_last_shutdown
        last_shutdown_dt_obj = datetime.datetime.strptime('%d %s' % (datetime.datetime.now().year, last_shutdown), '%Y %b %d %H:%M')
      File "/usr/lib/python2.7/_strptime.py", line 325, in _strptime
        (data_string, format))
    ValueError: time data '2011 May 18 19:01' does not match format '%Y %b %d %H:%M'

    Thanks

  35. GreeenGuru says:

    @ Silas,

    I released an update (GreeenLog 0.6.1) to hopefully bypass the error you got. It seems that your Linux box is logging month abbreviations in the en_US locale (as does mine), but your Python locale is set to something else. As I have no experience working with different locales, I simply caught the exception. As a result, you most likely will not be able to see the last time your computer was shut down from within GreeenLog (no big deal, that feature was an afterthought anyway).
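The locale mismatch discussed in comments 34 and 35, as an added example that is not part of the original thread or of GreeenLog's code: a year-less stamp such as 'May 18 19:01' can be parsed without `strptime('%b')`, so the result no longer depends on the Python process's locale. The names `parse_last_shutdown` and `_MONTHS` are hypothetical, and the sketch assumes the system log always writes English month abbreviations.

```python
import datetime

# English abbreviations as the system log writes them (assumption based on the
# month name seen in the traceback above). A fixed table does not depend on
# the LC_TIME setting of the Python process, unlike strptime('%b').
_MONTHS = dict((name, number) for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1))


def parse_last_shutdown(stamp, now=None):
    """Parse a year-less stamp such as 'May 18 19:01'; return None if invalid."""
    now = now or datetime.datetime.now()
    try:
        month_name, day, clock = stamp.split()
        hour, minute = clock.split(":")
        month = _MONTHS[month_name]
        day, hour, minute = int(day), int(hour), int(minute)
    except (ValueError, KeyError):
        return None  # wrong field count, unknown month, or non-numeric field
    # The log carries no year. Walk back from the current year and take the
    # first date that exists and is not in the future. This covers a shutdown
    # on Dec 31 read on Jan 1, and Feb 29 read in a non-leap year (leap years
    # can be up to 8 years apart around a century boundary).
    for year in range(now.year, now.year - 8, -1):
        try:
            candidate = datetime.datetime(year, month, day, hour, minute)
        except ValueError:
            continue  # this date does not exist in this year
        if candidate <= now:
            return candidate
    return None  # impossible date or time such as 'Feb 31 10:00' or '25:00'
```

Returning None for an unparseable stamp keeps the behaviour described in comment 35 (the feature is simply unavailable) without a bare exception handler hiding other errors.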

  36. Bethune says:

    Hey,

    I successfully installed all the necessities to run the program.

    Only I cannot press the secret key combination, as on my keyboard there is no right Ctrl key…. What do I have to change to enjoy the program?

    Thanks

    JPN Bethune

  37. jpn Bethune says:

    Hey,

    In the terminal I can execute the Greenlog database viewer with the sudo ./logviewer.pyw command. The screen appears but I cannot go to the bottom of the screen. What I can see is the captured image, the frame with Keys pressed (but no moving button to scroll at the right side), and the beginning of the clipboard text, but I cannot see the frame of web history and the buttons previous:next and quit……. I have been trying to change the configuration in the logviewer script but nothing changes….. PS: my computer is a Toshiba Satellite Pro 4200 with a screen resolution of 1020×900. What can I do to get the full database viewer on my screen? Thanks

  38. GreeenGuru says:

    Bethune,

    Sorry for the late response. I didn’t think about alternate keyboard configurations when I wrote this (for my own use), so I hard-coded the secret key combination to avoid having to write a GUI for selecting your secret key combo. In the spirit of being lazy, can you just tell me what alternate key combination would work for you better? You’re probably not the only one who will have this problem, so I should change this for everybody. How about Left Shift + Left Control + Left Alt + G?

    As for your problem with the window size: sorry about that. My logviewer is crude at best, and its window size is fixed. Based on what you said, I’d guess your Ubuntu screen resolution isn’t really maxed out at 1020 x 900. Check it again at System → Preferences → Monitors. Once your screen resolution is maxed out, you should almost be able to see the entire logviewer on your screen. You might see the edges cut off, so you can hold down the ALT key and drag the window around with your mouse until everything you need to see is in view.

  39. Milis says:

    Hey man, I need help! I get this error:
    /var/lib/python-support/python2.5/gtk-2.0/gtk/__init__.py:72: GtkWarning: could not open display
      warnings.warn(str(e), _gtk.Warning)
    Traceback (most recent call last):
      File "./main.pyw", line 281, in <module>
        keylogger = Keylogger()
      File "./main.pyw", line 74, in __init__
        self.x_screen_saver = XScreenSaverSession()
      File "./main.pyw", line 57, in __init__
        self.dpy = self.xlib.XOpenDisplay( os.environ['DISPLAY'])
      File "/usr/lib/python2.5/UserDict.py", line 22, in __getitem__
        raise KeyError(key)
    KeyError: 'DISPLAY'

    Do you know maybe how to solve this? Thanks!

  40. Fontes says:

    Hi I’m running Greenlog under mint x64 but it does not log anything, the screenshot and the clipboard work. I already tried to change keylog.py like you said here, but nothing

  41. Fontes says:

    … and it’s a USB keyboard

  42. Kamlesh Ukey says:

    hi friends,

    Can you please assist me in having the log reports for more than one computer in a network, which can be tracked, can save logs, and can be viewed from a single computer in a network?

  43. bdm says:

    hi greeenguru,

    I downloaded the latest greenlog (0.6.1) and installed it on my shared laptop (DELL D620). The system running is Ubuntu 11.10 (32 bits), kernel 3.0.0-14-generic.

    Here is what I did:
    greeenlog uncompressed and moved in /usr/local/greeenlog folder
    files in this folder got execute permission flag

    additional component added :
    sudo apt-get install python-pypcap
    sudo apt-get install python-gtk2
    sudo apt-get install python-wxgtk2.8
    sudo apt-get install python-imaging
    !– below added to resolve theme issue
    sudo apt-get install gtk2-engines-pixbuf
    sudo apt-get install gtk-engines-pixmap

    then when i launched :
    sudo python /usr/local/greeenlog/main.pyw

    i get that in the terminal
    ——————————
    bdm@bdm-Latitude-D620:~$ sudo python /usr/local/greeenlog/main.pyw
    Traceback (most recent call last):
      File "/usr/local/greeenlog/main.pyw", line 281, in <module>
        keylogger = Keylogger()
      File "/usr/local/greeenlog/main.pyw", line 74, in __init__
        self.x_screen_saver = XScreenSaverSession()
      File "/usr/local/greeenlog/main.pyw", line 62, in __init__
        self.xss = ctypes.cdll.LoadLibrary('libXss.so.1')
      File "/usr/lib/python2.7/ctypes/__init__.py", line 431, in LoadLibrary
        return self._dlltype(name)
      File "/usr/lib/python2.7/ctypes/__init__.py", line 353, in __init__
        self._handle = _dlopen(self._name, mode)
    OSError: libXss.so.1: Ne peut ouvrir le fichier d’objet partagé: Aucun fichier ou dossier de ce type

    and of course when i ran
    bdm@bdm-Latitude-D620:~$ sudo /usr/local/greeenlog/logviewer.pyw
    The database named ‘.greeen’ is not where it should be! Either put it back or start logging again to view the database.

    any ideas how to resolve this issue ?

    best regards

  44. GreeenGuru says:

    Kamlesh,

    Sorry, that feature is too much work for me. You can try using rsync and crontab as I suggested for Christina (above). That might work for you (untested).

  45. GreeenGuru says:

    Milis,

    I just updated Greeenlog, and the new version (0.6.2) should work for you now. I didn’t realize some base installs of Ubuntu don’t have the DISPLAY environmental variable set.

  46. GreeenGuru says:

    Fontes,

    I’ve had a lot of problems trying to get this application to work with various keyboards. No promises, but try running this script I created just to help troubleshoot keyboard driver problems. It’s keylog.py. It’ll just try to log keystrokes to a file on your Desktop. Use Ctrl+c to quit. Nothing shady about it. I have posted more detailed instructions above. Let me know if you have any luck or what errors you got.

  47. GreeenGuru says:

    bdm,

    I’m not sure when I changed the main.pyw code, but I now have libXss.so.6 instead of libXss.so.1. Try downloading the new version (0.6.2). And thanks for the tip to resolve the theme issue. Those warnings were annoying.

  48. bdm says:

    Hi greeenguru,

    i solved the issue
      File "/usr/local/greeenlog/main.pyw", line 62, in __init__
        self.xss = ctypes.cdll.LoadLibrary('libXss.so.1')

    came from last ubuntu distrib 11.10 (oneiric), a lot of libraries have been removed, so to have software running well you have to do that :
    sudo apt-get install libxss1:i386

    and it works :)

    bdm

  49. GreeenGuru says:

    bdm,

    Thank you for troubleshooting that for me. I wonder if that will still be necessary for some running the new version. It wasn’t for me (64-bit 11.10). Thanks again, and I’m glad you got it working.
