Wireless Attacksbluetoothscannerloggersite survey

Bluelog

Bluelog is a Bluetooth scanner designed to quickly identify the number of discoverable devices in an area. It logs discovered devices to a file and can run unattended for long periods.

Description

Bluelog is a Bluetooth site survey tool intended for identifying possible Bluetooth targets in the surrounding environment. Its primary function is to log discovered devices to a file rather than interactive use, allowing it to collect data over extended periods without supervision. It provides a fast way to determine how many discoverable Bluetooth devices are present in a given location.

Use cases include site surveys to map Bluetooth device density and unattended monitoring for data collection. Bluelog also features 'Bluelog Live' mode, which generates a webpage of results that can be served via an HTTP daemon for real-time viewing. This makes it suitable for ongoing surveillance or demonstration purposes.

The tool supports various logging and output customizations, such as including device names, manufacturers, classes, timestamps, and MAC obfuscation options. It is lightweight with an installed size of 198 KB and depends on standard Bluetooth libraries.

How It Works

Bluelog uses the default Bluetooth interface (hci0) to scan for discoverable devices, autodetecting the device and logging results to a timestamped file. It performs name resolution with configurable retries and supports scanning windows, amnesia for old devices, and formats like BlueProPro logs. Output can be customized with verbose printing, syslog-only mode, or live web serving, while daemon mode enables background operation with PID tracking.

Installation

bash

sudo apt install bluelog

Flags

-i <interface>Sets scanning device, default is hci0

-o <filename>Sets output filename, default is devices.log

-vVerbose, prints discovered devices to the terminal

-qQuiet, turns off nonessential terminal output

-dEnables daemon mode, Bluelog will run in background

-kKill an already running Bluelog process

-lStart Bluelog Live, default is disabled

-nWrite device names to log, default is disabled

-mWrite device manufacturer to log, default is disabled

-cWrite device class to log, default is disabled

-fUse friendly device class, default is disabled

-tWrite timestamps to log, default is disabled

-xObfuscate discovered MACs, default is disabled

-eEncode discovered MACs with CRC32, default disabled

-bEnable BlueProPro log format, see README

-r <retries>Name resolution retries, default is 3

-a <minutes>Amnesia, Bluelog will forget device after given time

-w <seconds>Scanning window in seconds, see README

-sSyslog only mode, no log file. Default is disabled

Examples

Runs Bluelog with default settings: autodetects device, opens timestamped log file, writes PID, and starts scanning until Ctrl+C

bluelog

Displays help output with all basic, logging, and advanced options for Bluelog v1.1.2

bluelog -h

Sets scanning device to hci0 explicitly and starts scanning

bluelog -i hci0

Sets custom output filename to devices.log instead of default timestamped log

bluelog -o devices.log

Enables verbose mode to print discovered devices to terminal during scan

bluelog -v

Starts Bluelog in daemon mode to run in background unattended

bluelog -d

Starts Bluelog Live mode to create a webpage of scan results for HTTP serving

bluelog -l

Kills any already running Bluelog process using the PID file

bluelog -k

Updated 2026-04-16kali.org ↗