What is KEYCapture?

KEYCapture is an OpenVMS system software tool which allows the system administrator to log keyboard input read from the terminals of selected users. The input-logging portion of companion product PEEK & SPY was split off as a separate, greatly-enhanced product – KEYCapture.

What value does KEYCapture have as a security tool?

KEYCapture provides a way for companies to comply with auditing and government regulations such as Sarbanes-Oxley. KEYCapture was created as a security tool for monitoring users and may be used to log, to a file, everything that has been input by a user. For each line of input read from the terminal, the log file includes a timestamp, any read-prompt that was displayed, the name of the image which received the input, and the exact line of input sent to that image. This allows one to document exactly what the user really did. KEYCapture can be set up to automatically log specific users or terminals. For instance for security purposes, KEYCapture can be used to monitor dial-up lines or privileged users.

What does KEYCapture do?

As a comparison, PEEK & SPY logs contain an exact duplicate of every output character sent to the user’s terminal, including backspaces and non-printing characters. You can replay a PEEK & SPY log and see exactly what the user saw on their screen.

KEYCapture creates log files which contain the input read from the terminal keyboard. KEYCapture log files contain only the completed terminal-input lines read and don’t contain any backspaces or other line-editing done by the user prior to the completion of the read.

Some customers have found KEYCapture fits their requirements better than PEEK & SPY, and some customers use both applications.

When logging-in to another system with any of the SET HOST commands (including TELNET), KEYCapture does not log any characters which are input to the remote system. KEYCapture does log the fact that input was entered, but the characters themselves aren’t logged. Since the input is going to another system, this doesn’t compromise the security of the system on which KEYCapture is running.
If the remote system is running VMS, KEYCapture can be used on that system to log the input without jeopardizing password security for the remote system.

How does KEYCapture handle passwords?

Earlier versions of PEEK & SPY had a rudimentary input logging feature which logged all keystrokes, even passwords. KEYCapture takes special care to control what is done with non-echoed keyboard
input data to avoid a security breach resulting from password information being captured in a KEYCapture log file.

KEYCapture suppresses logging of passwords entered as part of DCL SET PASSWORD or SET HOST commands, SET HOST/LAT, SET HOST/TELNET, and SET HOST/DTE. Also for well-known programs which request VMS passwords (LOGINOUT.EXE and VMS’s TCPIP FTP, RLOGIN and TELNET commands), KEYCapture skips logging the passwords. For other known images, KEYCapture can be configured to ignore any non-echoed input received.

Please note that KEYCapture will record passwords and other non-echoed input for programs other than the above. Use with caution on any sensitive accounts or systems if you have programs other than the above which are password protected.

How large are the KEYCapture input log files?

The input log files created by KEYCapture are small in comparison to logging all terminal output with PEEK & SPY. KEYCapture input logs are created in a terse, binary format. With KEYCapture we provide a KCVT.EXE program to convert the binary files into files which are easy to view or search.

A feature of KEYCapture allows new versions of log files to be periodically opened. This is useful for breaking up large log files, and also for limiting the total amount of disk-space consumed by log files. Logging can be set up to automatically reopen new versions of the log file based on file size or time span or both.

What are some additional features of KEYCapture?

  • KEYCapture may be run from most terminals, including terminals which are connected directly to the computer, terminals connected via a terminal server or Telnet, DECwindows DECterm windows, and DECnet remote terminal as created by SET HOST (One can use the CHECK_TERMINAL.COM command file provided in the KEYCapture distribution to determine if a particular type of terminal is compatible with KEYCapture.)
  • Default features can be customized by the system manager, and also individually customized on a session-by-session basis.
  • Certain users may be designated as not-to-be-logged. You can also arrange for a user to always be warned when logged.
  • KEYCapture, like many OpenVMS utility programs such as MAIL, TPU, etc., include SPAWN and ATTACH commands which allow use of subprocesses without having to exit back to DCL.

How do you get a KEYCapture license?

Download a free demonstration copy from PEEK & SPY and KEYCapture are in the same installation kit. During the installation, you can choose to install KEYCapture and/or

When you first install KEYCapture on your system, it will NOT automatically allow a 30-day product demonstration. To prevent surreptitious unauthorized use of KEYCapture, an authorization key from NDC is required to run the demo. Please contact

How are KEYCapture license fees determined?

An account representative will provide a quote for you for your exact configuration and needs.

Free KEYCapture Software Demo Download

Call 1-800-275-6321 now for more information, or download a free, 30-day KEYCapture software demonstration today. (Note: For security reasons, a demonstration license key is required to enable running a KEYCapture demo.)

Contact Information

Networking Dynamics Corporation
912 Drew St.
Suite 104
Clearwater, FL, 33755

SysGem Self-Service Password Reset demo