{"id":31786284,"url":"https://github.com/cybersecurity-dev/let","last_synced_at":"2025-10-10T12:51:16.729Z","repository":{"id":288338753,"uuid":"967712000","full_name":"cybersecurity-dev/LET","owner":"cybersecurity-dev","description":"Event Tracing for Linux","archived":false,"fork":false,"pushed_at":"2025-10-04T16:23:01.000Z","size":14,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-04T18:25:03.826Z","etag":null,"topics":["linux","linux-event-log","linux-event-logs","linux-eventlog","tracing"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cybersecurity-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-04-16T22:07:25.000Z","updated_at":"2025-10-04T16:23:04.000Z","dependencies_parsed_at":"2025-10-04T18:23:52.095Z","dependency_job_id":null,"html_url":"https://github.com/cybersecurity-dev/LET","commit_stats":null,"previous_names":["cybersecurity-dev/let"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cybersecurity-dev/LET","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FLET","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FLET/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FLET/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FLET/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cybersecurity-dev","download_url":"https://codeload.github.com/cybersecurity-dev/LET/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FLET/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003890,"owners_count":26083641,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["linux","linux-event-log","linux-event-logs","linux-eventlog","tracing"],"created_at":"2025-10-10T12:51:11.907Z","updated_at":"2025-10-10T12:51:16.719Z","avatar_url":"https://github.com/cybersecurity-dev.png","language":null,"readme":"\u003cp align=\"center\"\u003e\n \u003ca href=\"https://docs.kernel.org/trace/events.html\"\u003e\n \u003cimg width=\"20%\" src=\"https://github.com/cybersecurity-dev/cybersecurity-dev/blob/main/assets/Tux.svg\" /\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\n# **LET** | _Event Tracing for Linux_\n[![made-with-python](http://forthebadge.com/images/badges/made-with-python.svg)](https://www.python.org/)\n[![open-source](https://forthebadge.com/images/badges/open-source.svg)](https://cyberthreatdefence.com/)\n\nLET is a tracing facility that allows a user to log events to a file (_JSON, XML, CSV_)\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://github.com/cybersecurity-dev/\"\u003e\u003cimg height=\"25\" src=\"https://github.com/cybersecurity-dev/cybersecurity-dev/blob/main/assets/github.svg\" alt=\"GitHub\"\u003e\u003c/a\u003e\n \u0026nbsp;\n \u003ca href=\"https://www.youtube.com/@CyberThreatDefence\"\u003e\u003cimg height=\"25\" src=\"https://github.com/cybersecurity-dev/cybersecurity-dev/blob/main/assets/youtube.svg\" alt=\"YouTube\"\u003e\u003c/a\u003e\n \u0026nbsp;\n \u003ca href=\"https://cyberthreatdefence.com/my_awesome_lists\"\u003e\u003cimg height=\"20\" src=\"https://github.com/cybersecurity-dev/cybersecurity-dev/blob/main/assets/blog.svg\" alt=\"My Awesome Lists\"\u003e\u003c/a\u003e\n \u003cimg src=\"https://github.com/cybersecurity-dev/cybersecurity-dev/blob/main/assets/bar.gif\"\u003e\n\u003c/p\u003e\n\u003cdetails\u003e\n\n\u003csummary\u003eInstall required tools on Linux\u003c/summary\u003e\n\n### For Ubuntu 18.04, 20.04, 22.04\n\n```bash\nsudo apt-get update\nsudo apt-get install -y libtraceevent-dev \\\n libtracefs-dev\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\n\u003csummary\u003eInstall required python libs\u003c/summary\u003e\n\n### pip install\n```bash\npip install -r requirements.txt\npython3 setup.py install\n```\n\n### conda install\n```bash\nconda config --add channels conda-forge\nconda install --file requirements_conda.txt\npython3 setup.py install\n```\n\n\u003c/details\u003e\n\n## Common Linux Kernel Event Types\n\n| **Event Type** | **Description** | **Subsystem / Use Case** |\n|----------------------|------------------------------------------------------------------------------|------------------------------------|\n| `IN_ACCESS` | File was accessed | inotify |\n| `IN_MODIFY` | File was modified | inotify |\n| `IN_ATTRIB` | Metadata changed (e.g., permissions, timestamps) | inotify |\n| `IN_CLOSE_WRITE` | File opened for writing was closed | inotify |\n| `IN_CLOSE_NOWRITE` | File not opened for writing was closed | inotify |\n| `IN_OPEN` | File was opened | inotify |\n| `IN_MOVED_FROM` | File moved out of watched directory | inotify |\n| `IN_MOVED_TO` | File moved into watched directory | inotify |\n| `IN_CREATE` | File/directory created in watched directory | inotify |\n| `IN_DELETE` | File/directory deleted in watched directory | inotify |\n| `IN_DELETE_SELF` | Watched file/directory was itself deleted | inotify |\n| `IN_MOVE_SELF` | Watched file/directory was itself moved | inotify |\n| `EPOLLIN` | File descriptor is ready for read | epoll |\n| `EPOLLOUT` | File descriptor is ready for write | epoll |\n| `EPOLLERR` | Error condition on file descriptor | epoll |\n| `EPOLLHUP` | Hang up happened on the associated file descriptor | epoll |\n| `FAN_ACCESS` | File was accessed | fanotify |\n| `FAN_MODIFY` | File was modified | fanotify |\n| `FAN_CLOSE_WRITE` | Writable file was closed | fanotify |\n| `FAN_CLOSE_NOWRITE` | Unwritable file was closed | fanotify |\n| `FAN_OPEN` | File was opened | fanotify |\n| `FAN_EVENT_ON_CHILD` | Events occurred on a child of the watched directory | fanotify |\n| `KEY_PRESS` | Key was pressed | input subsystem (`/dev/input`) |\n| `KEY_RELEASE` | Key was released | input subsystem (`/dev/input`) |\n| `REL_X`, `REL_Y` | Relative mouse movement | input subsystem |\n| `ABS_X`, `ABS_Y` | Absolute pointer position | input subsystem |\n| `AUDIT_SYSCALL` | System call event | auditd / kernel audit subsystem |\n| `NETLINK_ROUTE` | Network interface changes (e.g., link up/down) | netlink |\n\n\n##\n\n### Contributing\n\n[Contributions of any kind welcome, just follow the guidelines](contributing.md)!\n\n### Contributors\n\n[Thanks goes to these contributors](https://github.com/cybersecurity-dev/LET/graphs/contributors)!\n\n[🔼 Back to top](#let--event-tracing-for-linux)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurity-dev%2Flet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybersecurity-dev%2Flet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurity-dev%2Flet/lists"}