Tweet
Debugging CCcam for all to read
Debugging CCcam
This is an article that tries to help understanding how to debug CCcam events.
Understanding this may help you to get a more stable server.
To achieve this you need to remove all/most of ongoing errors.
Example commands to find errors are also included.
To get a stable server follow this important rules:
1. Do NOT use port 12000 (user a high like 53232)
2. Quality before Quantity
3. Never ever add a peer without having userīs email/msn. This way you can ask him if some is wrong.
4. Add DNS/IP at the end of your F: lines Example:
F: username password 1 0 0 { 0:0:1 } { } { } [color="RoyalBlue"]myservercam.dyndns.org[\COLOR]
5. If you remove a peer, do tell him that you have done, and ask him to remove his C: line. If you remove a client and hi does not remove his C: line, he will fill up you log, trying to reconnect. Re-add his F: line but do not give him any cards. Example:
F: username password 0 0 0 { 0:0:0 }
First step is to enable CCcam debugging. This can be done in one or two ways.
1. Run CCcam from command prompt like this: /var/bin/CCcam -d >>/var/log/debug & You need to stop the CCcam by kill it before you restart it with options.
2. If you have a linux server like Ubuntu, you can add this info to CCcam.cfg: DEBUG : yes. This option is fine, since you do not need to restart CCcam server. Debug data are then logged to /var/log/debug
Warning: Log files do grow rapidly large.
Other debug options
CCcam.x86 -h
Quote:
usage: CCcam [-d] [-C <configfile>]
-d run in the foreground (implies -v and -q)
-v be verbose
-q don't use syslog (use on old systems)
-C <configfile> use <configfile> instead of default (/var/etc/CCcam.cfg)
-f filter on specific demux data (saves some CPU,
but some platforms might not handle this very well)
-n show network packets
-s disable server
-t show timing
-l disable self-learning capabilities
Debug info
* (1) Starting CCcam
When CCcam server start it shows you some useful information.
Quote:
Jan 9 00:10:17 server2 CCcam: ================================================== ====================
Jan 9 00:10:17 server2 CCcam: starting CCcam 2.2.1 compiled on Nov 21 2010@02:35:58
Jan 9 00:10:17 server2 CCcam: ================================================== ====================
Jan 9 00:10:17 server2 CCcam: online using nodeId f33bbb682caa9cec
Jan 9 00:10:17 server2 CCcam: create 1 cam device(s)
Jan 9 00:10:17 server2 CCcam: card detect fail
Jan 9 00:10:17 server2 CCcam: readKeyfile: cannot open /var/keys/SoftCam.Key or not found
Jan 9 00:10:17 server2 CCcam: readKeyfile: cannot open /var/keys/AutoRoll.Key or not found
Jan 9 00:10:17 server2 CCcam: static cw not found or bad
Jan 9 00:10:17 server2 CCcam: parsed 0 entries from /var/etc/CCcam.prio
Jan 9 00:10:17 server2 CCcam: added 832 provider names from /var/etc/CCcam.providers
Jan 9 00:10:18 server2 CCcam: added 11522 channel names from /var/etc/CCcam.channelinfo
Jan 9 00:10:18 server2 CCcam: server started on port 12000
Jan 9 00:10:18 server2 CCcam: card detect fail
Jan 9 00:10:19 server2 CCcam: card detect fail
Jan 9 00:10:21 server2 CCcam: /dev/ttyUSB0 configured clock frequency: 5600000 Hz
Jan 9 00:10:21 server2 CCcam: conax card found
Jan 9 00:10:21 server2 CCcam: card added to broker with caid b00
It seems that the server tries some time to detect your card and do not see it the first couple of times.
Since login from users start up, it may not be so easy to see all lines as show here.
To see all restart in logfile, run:
cat /var/log/daemon.log | grep -1 ====
* (2) Normal login to you Server
This shows a normal login from a client to your server:
Quote:
Jan 17 13:34:53 server2 CCcam: login from 66.255.5.153
Jan 17 13:34:53 server2 CCcam: user pedro login attempt from 66.55.5.153
Jan 17 13:34:53 server2 CCcam: client pedro@a9d6346630a9639c, running CCcam 2.1.2
* (3) Changed config
If you edit CCcam.cfg this is logged
Quote:
Jan 28 14:36:15 server2 CCcam: configfile changed. Updating...
* (4) KeepAlive
To keep server and clients connected, there are sent keep alive packed. If the user turn off his server, or network connection are lost, you do see this:
Quote:
Jan 21 15:14:09 server2 CCcam: keepalive failed, close connection to server.dyndns.org
* (5) ECM
Most of the debug file will contain information on ECM handling. You get Error when some request ECM for a channel that is from a card you have, but not able to open the channel.
From remote server Ok:
Quote:
Jan 18 09:36:53 server2 CCcam: client demodemo ecm request for handler 0x64 0xb00(0x0) sid 0x135 ok: 1
Jan 18 09:36:54 server2 CCcam: remote ecm -> server.dyndns.org:12000 0xb00(0x000)
Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 ok
From remote server Cache:
Quote:
Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 cws from cache
From remote server Error:
Quote:
Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 error
From local card Ok:
Quote:
Jan 21 17:34:01 server2 CCcam: client pedro ecm request for handler 0x64 0xb00(0x0) sid 0xdbb ok: 1
Jan 21 17:34:01 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x5dd
Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 ok
From local card from Cache:
Quote:
Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 cw's from cache
From local card Error:
Quote:
Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 error
* (6) ECM timing
To see ECM timing, you need to turn it on in CCcam.cfg with this command SHOW TIMING: yes or starting CCcam with with -dt like this CCcam -dt
Quote:
Jan 11 20:53:34 server2 CCcam: remote ecm <- cccam.dyndns.com:12000 ok (took 0.210 seconds)
Jan 11 20:53:34 server2 CCcam: client pedro ecm request for handler 0x31e5f 0x90f(0x0) sid 0xdb5 ok: 1 (took 0.121 seconds)
You will then see how long an ECM request takes (at end of line). This do add some extra load on CCcam server, so take care.
* (7) EMM
EMM are the codes that keep your cards alive. If you do not get this and have cards in your server, it will die after some time.
Quote:
Jan 29 14:47:13 server2 CCcam: local emm -> card /dev/ttyUSB0 0xb00(0x000)
Jan 29 14:47:13 server2 CCcam: local emm <- card /dev/ttyUSB0 ok
Jan 29 14:47:13 server2 CCcam: client garbimbbit emm 0xb00(0x0) ok: 1
* (8) Portscan-Telnet to your Server
If some just open the CCcam port without logging in you get this info. This can come from some doung portscan, or just do a telnet yourip 12000
Quote:
Jan 16 14:22:19 server2 CCcam: login from 155.10.10.132
Jan 16 14:22:25 server2 CCcam: kick 155.10.10.132, bad response
This command, do list all ip sorted and counted:
grep "bad response" | awk ' {arr[$7]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } ' | sort
Quote:
84.20.182.97, 1
84.191.27.229, 3
85.16.46.59, 14
* (9) Double login to your Server
Two or more users try to log in to your server using same username.
This can be due to one ore more reason:
* From same IP. A user have more than one CCcam session runniing on his server that uses same CCcam.cfg
* From same IP. A user may run to clients using same CCcam.cfg
* Fram same IP. Client or you have packet drop (bad internet line), clients thinks he lost server and tries to login agian.
* From different IP. Some tries to use your clients user/pass from another location.
Quote:
Jan 27 07:59:44 server2 CCcam: user badboy login attempt from 85.16.213.176
Jan 27 07:59:44 server2 CCcam: double login (badboy), (previous 84.202.182.63), reject
Jan 27 07:59:44 server2 CCcam: kick 85.16.213.176(), bad command
This command does list all double user login atempts:
cat /var/log/daemon.log | grep "double" | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } ' | sort
Quote:
(dm800), 19
(darkman), 4
(pedro), 76
* (10) Double login from your server
This is directly related to "Double login to your server". If your server(client part) for some reason loose network connection to remote server, it will try to log in again. This may be recorded on remote server as "Double login" from same IP
Quote:
Jan 28 14:34:09 server2 CCcam: login at server.dyndns.tv:12000 failed, server message: client 109.19.187.17 already connected
* (11) Double nodeid to Your Server
If a user has two CCcam servers running on same server you see this. It is possible to run separate node id, but not easy.
Quote:
Jan 25 22:54:40 server2 CCcam: WARNING: double nodeid, user garbimbbit and troja
* (12)Wrong password to your server
Username do exist in your server but user tries wrong password
Quote:
13:43:14.673 CCcam: login from 129.21.143.231
13:43:14.745 CCcam: user demo login attempt from 129.21.143.231
13:43:14.746 CCcam: wrong password supplied by 129.21.143.231
13:43:14.746 CCcam: kick 129.21.143.231, signature failed
Command to show what IP do use wrong password
cat /var/log/daemon.log | grep "wrong" | awk ' {arr[$10]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } '
Quote:
194.11.10.41 2
This command do list the line above wrong password to try to list username. There may be other entries between wrong password and username.
cat /var/log/daemon.log | grep -B4 "wrong"
Quote:
Jan 29 08:45:00 server2 CCcam: login from 194.110.10.41
Jan 29 08:45:00 server2 CCcam: user dm800 login attempt from 194.11.10.41
Jan 29 08:45:00 server2 CCcam: [color="Red"]wrong password[COLOR] supplied by 194.11.10.41
* (13) DNS missing or no user to your Server
This may be the most important to look for. There are two reasons to see this error.
1. User that tries to log in does not exist.
2. Most commonly: You have added IP or DNS behind your F: line to prevent user from logging in from wrong site. User have for some reason changed IP, and or have not updated DNS (dyndns) after he have got a new IP.
Quote:
Jan 25 07:30:50 server2 CCcam: login from 94.211.13.180
Jan 25 07:30:50 server2 CCcam: illegal user zambibi from 94.211.13.180
Jan 25 07:30:50 server2 CCcam: kick 94.211.13.180, signature failed
This command shows what user and how many times they have tried to login in from wrong ip:
cat /var/log/daemon.log | grep illegal | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr[i]>1 ) {print i,arr[i] } } } ' | sort
Quote:
pedro 606
DM8000 9
zimba 2389
* (14) Missing Internet or DNS from your Server
If you internett line are down or DNS server do not reply, you get this error message:
Quote:
Feb 10 04:25:39 server2 CCcam: failed to get address for cccam.dyndns.com
Feb 10 04:25:43 server2 CCcam: newcamd first read failed -1
Feb 10 04:25:43 server2 CCcam: keepalive failed, close connection to server2.dyndns.com
Feb 10 04:25:48 server2 CCcam: remote ecm <- server4.no-ip.com:12000 error (took 6.006 seconds)
* (15) Nonexistent Hostname
When a client connects to your F: Line and this line has an Hostname after, your server will look it up on a DNS server. If this Hostname does not exist, the user will still be able to log in (bug?).
Quote:
Apr 6 12:18:45 server2 CCcam: login from 85.18.51.53
Apr 6 12:18:45 server2 CCcam: Hostname pakmappap.dyndns.org for user test2 not found
Apr 6 12:18:45 server2 CCcam: user test2 login attempt from 85.18.51.53
Apr 6 12:18:45 server2 CCcam: client test2@6183c11e5a925aad, running CCcam 2.2.1
This commands show how many hits you have in your logfile.
cat /var/log/daemon.log | grep Hostname
* (16) Bad Command
Why we see bad command, I am not sure. This happens from all different CCcam versions. It has nothing to do with server load, since it's evenly spread out in time and server are not heavy loaded. It happens also from a single client, newly reinstalled, no re-share.
Edit: You will see bad command if you just turn off the client and its in middle of a ecm transaction. It will also be the same if network drops when its in a session. (Bad command is also displayed when double login occurs)
Quote:
Feb 4 08:15:03 server2 CCcam: kick 72.175.162.180(pedro), bad command
Feb 4 08:15:03 server2 CCcam: login from 72.175.162.180
Feb 4 08:15:03 server2 CCcam: user pedro login attempt from 72.175.162.180
Feb 4 08:15:03 server2 CCcam: client pedro@290d38d85b7a14b1, running CCcam 2.2.1
To see user and CCcam version run this command:
cat /var/log/daemon.log | grep -A3 "bad command"
* (17) Unknown
I have not found the reason for these errors. ****** give no answer.
Some user tries to login, but do not give username. Client do still work, but this message are repeated many times for some user in the log. If some has information, please post it.
Quote:
Jan 3 13:32:16 server2 CCcam: login from 111.243.115.95
Jan 3 13:32:16 server2 CCcam: kick 111.243.115.95, signature failed
Jan 3 13:32:16 server2 CCcam: login from 111.243.115.95
Jan 3 13:32:16 server2 CCcam: kick 111.243.115.95, signature failed
* (18) Other info
Quote:
"read result -1" has been replaced by "bad command"
Newcamd
NB adding N line to a Newcamd server increase the load of you server. The logs do also grow rapid large, since it seems that CCcam do read all Newcamd information every second.
* (19) Ok ECM request to newcamd
Clients asks for ECM and get ok respond from a Newcamd server
Quote:
Feb 9 08:53:09 server2 CCcam: client bingo ecm request for handler 0x64 0xb00(0x0) sid 0x57f ok: 1
Feb 9 08:53:09 server2 CCcam: newcamd ecm <- newcamd.dyndns.tv:15000 ok
* (20) Error ECM request to newcamd
Here the clients try to read ECM from Newcamd server but gets it from local card, since Newcamd cannot decode it. Why it tries Newcamd before Local card, I do not know.
Quote:
Feb 9 09:07:52 server2 CCcam: client bingo ecm request for handler 0x64 0xb00(0x0) sid 0x3ff ok: 1
Feb 9 09:07:53 server2 CCcam: newcamd ecm -> newcamd.dyndns.tv:15000
Feb 9 09:07:53 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x5de
Feb 9 09:07:53 server2 CCcam: local ecm <- card /dev/ttyUSB0 ok
Feb 9 09:07:53 server2 CCcam: client bingo ecm request for handler 0x64 0xb00(0x0) sid 0x5de ok: 1
Feb 9 09:07:53 server2 CCcam: newcamd ecm <- newcamd.dyndns.tv:15000 error
* (21) Connect to newcamd
This show CCcam server connecting to a Newcamd server.
Quote:
Feb 4 13:03:59 server2 CCcam: newcamd server 193.84.46.5:12000 user: demo
Feb 4 13:04:00 server2 CCcam: newcamd caid 0d03 providers 4 userid: 0
Feb 4 13:04:00 server2 CCcam: newcamd card serial: 05057100
Feb 4 13:04:00 server2 CCcam: newcamd prov 00 000004 00000000
Feb 4 13:04:00 server2 CCcam: newcamd prov 01 000008 00000000
Feb 4 13:04:00 server2 CCcam: newcamd prov 02 000024 00000000
Feb 4 13:04:00 server2 CCcam: newcamd prov 03 000028 00000000
Last 5 lines shows card type and what provider it decodes
* (22) No user
Your CCcam server tires to conncet to a Newcamd but user does not exists
Quote:
Feb 4 12:58:00 server2 CCcam: newcamd server 193.84.46.5:12000 user: foche54
Feb 4 12:58:00 server2 CCcam: newcamd receive error: no login ack
* (22) Wrong password
Trying to connect to a Newcamd server from CCcam with wrong password, but have correct username
Quote:
Feb 4 13:05:32 server2 CCcam: newcamd server 193.84.46.5:12000 user: foche54
Feb 4 13:05:32 server2 CCcam: newcamd first read failed 0
Feb 4 13:05:32 server2 CCcam: newcamd receive error -1
Real-time debugging
You can always look at the debug file, but since it grows very large we need some tool to control the output.
tail -n 10 /var/log/daemon.log
Her you get the last 10 lines of the debug file. You can change the 10 to any number you like.
A better way is to use this:
tail -f /var/log/daemon.log
Now you do get all new line added listed. This is near real time info from the log file. Problem with this is that the amounts of information are huge.
To solve the information overflow, use this line:
tail -f /var/log/daemon.log | grep -vE '(ecm request|local ecm|remote ecm|snmpd|emm|repeated|ntpd|newcamd)'
This will give you errors only
Other info
IP address
DNS address
User name
Triggerword
There may be error in this post. If you find any give me a pm and I will update. If there are some other information you do now about not listed, also PM me or post it here.
(all name and IP has been change and are no real)
If you like this post, use Thank You button
This is an article that tries to help understanding how to debug CCcam events.
Understanding this may help you to get a more stable server.
To achieve this you need to remove all/most of ongoing errors.
Example commands to find errors are also included.
To get a stable server follow this important rules:
1. Do NOT use port 12000 (user a high like 53232)
2. Quality before Quantity
3. Never ever add a peer without having userīs email/msn. This way you can ask him if some is wrong.
4. Add DNS/IP at the end of your F: lines Example:
F: username password 1 0 0 { 0:0:1 } { } { } [color="RoyalBlue"]myservercam.dyndns.org[\COLOR]
5. If you remove a peer, do tell him that you have done, and ask him to remove his C: line. If you remove a client and hi does not remove his C: line, he will fill up you log, trying to reconnect. Re-add his F: line but do not give him any cards. Example:
F: username password 0 0 0 { 0:0:0 }
First step is to enable CCcam debugging. This can be done in one or two ways.
1. Run CCcam from command prompt like this: /var/bin/CCcam -d >>/var/log/debug & You need to stop the CCcam by kill it before you restart it with options.
2. If you have a linux server like Ubuntu, you can add this info to CCcam.cfg: DEBUG : yes. This option is fine, since you do not need to restart CCcam server. Debug data are then logged to /var/log/debug
Warning: Log files do grow rapidly large.
Other debug options
CCcam.x86 -h
Quote:
usage: CCcam [-d] [-C <configfile>]
-d run in the foreground (implies -v and -q)
-v be verbose
-q don't use syslog (use on old systems)
-C <configfile> use <configfile> instead of default (/var/etc/CCcam.cfg)
-f filter on specific demux data (saves some CPU,
but some platforms might not handle this very well)
-n show network packets
-s disable server
-t show timing
-l disable self-learning capabilities
Debug info
* (1) Starting CCcam
When CCcam server start it shows you some useful information.
Quote:
Jan 9 00:10:17 server2 CCcam: ================================================== ====================
Jan 9 00:10:17 server2 CCcam: starting CCcam 2.2.1 compiled on Nov 21 2010@02:35:58
Jan 9 00:10:17 server2 CCcam: ================================================== ====================
Jan 9 00:10:17 server2 CCcam: online using nodeId f33bbb682caa9cec
Jan 9 00:10:17 server2 CCcam: create 1 cam device(s)
Jan 9 00:10:17 server2 CCcam: card detect fail
Jan 9 00:10:17 server2 CCcam: readKeyfile: cannot open /var/keys/SoftCam.Key or not found
Jan 9 00:10:17 server2 CCcam: readKeyfile: cannot open /var/keys/AutoRoll.Key or not found
Jan 9 00:10:17 server2 CCcam: static cw not found or bad
Jan 9 00:10:17 server2 CCcam: parsed 0 entries from /var/etc/CCcam.prio
Jan 9 00:10:17 server2 CCcam: added 832 provider names from /var/etc/CCcam.providers
Jan 9 00:10:18 server2 CCcam: added 11522 channel names from /var/etc/CCcam.channelinfo
Jan 9 00:10:18 server2 CCcam: server started on port 12000
Jan 9 00:10:18 server2 CCcam: card detect fail
Jan 9 00:10:19 server2 CCcam: card detect fail
Jan 9 00:10:21 server2 CCcam: /dev/ttyUSB0 configured clock frequency: 5600000 Hz
Jan 9 00:10:21 server2 CCcam: conax card found
Jan 9 00:10:21 server2 CCcam: card added to broker with caid b00
It seems that the server tries some time to detect your card and do not see it the first couple of times.
Since login from users start up, it may not be so easy to see all lines as show here.
To see all restart in logfile, run:
cat /var/log/daemon.log | grep -1 ====
* (2) Normal login to you Server
This shows a normal login from a client to your server:
Quote:
Jan 17 13:34:53 server2 CCcam: login from 66.255.5.153
Jan 17 13:34:53 server2 CCcam: user pedro login attempt from 66.55.5.153
Jan 17 13:34:53 server2 CCcam: client pedro@a9d6346630a9639c, running CCcam 2.1.2
* (3) Changed config
If you edit CCcam.cfg this is logged
Quote:
Jan 28 14:36:15 server2 CCcam: configfile changed. Updating...
* (4) KeepAlive
To keep server and clients connected, there are sent keep alive packed. If the user turn off his server, or network connection are lost, you do see this:
Quote:
Jan 21 15:14:09 server2 CCcam: keepalive failed, close connection to server.dyndns.org
* (5) ECM
Most of the debug file will contain information on ECM handling. You get Error when some request ECM for a channel that is from a card you have, but not able to open the channel.
From remote server Ok:
Quote:
Jan 18 09:36:53 server2 CCcam: client demodemo ecm request for handler 0x64 0xb00(0x0) sid 0x135 ok: 1
Jan 18 09:36:54 server2 CCcam: remote ecm -> server.dyndns.org:12000 0xb00(0x000)
Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 ok
From remote server Cache:
Quote:
Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 cws from cache
From remote server Error:
Quote:
Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 error
From local card Ok:
Quote:
Jan 21 17:34:01 server2 CCcam: client pedro ecm request for handler 0x64 0xb00(0x0) sid 0xdbb ok: 1
Jan 21 17:34:01 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x5dd
Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 ok
From local card from Cache:
Quote:
Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 cw's from cache
From local card Error:
Quote:
Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 error
* (6) ECM timing
To see ECM timing, you need to turn it on in CCcam.cfg with this command SHOW TIMING: yes or starting CCcam with with -dt like this CCcam -dt
Quote:
Jan 11 20:53:34 server2 CCcam: remote ecm <- cccam.dyndns.com:12000 ok (took 0.210 seconds)
Jan 11 20:53:34 server2 CCcam: client pedro ecm request for handler 0x31e5f 0x90f(0x0) sid 0xdb5 ok: 1 (took 0.121 seconds)
You will then see how long an ECM request takes (at end of line). This do add some extra load on CCcam server, so take care.
* (7) EMM
EMM are the codes that keep your cards alive. If you do not get this and have cards in your server, it will die after some time.
Quote:
Jan 29 14:47:13 server2 CCcam: local emm -> card /dev/ttyUSB0 0xb00(0x000)
Jan 29 14:47:13 server2 CCcam: local emm <- card /dev/ttyUSB0 ok
Jan 29 14:47:13 server2 CCcam: client garbimbbit emm 0xb00(0x0) ok: 1
* (8) Portscan-Telnet to your Server
If some just open the CCcam port without logging in you get this info. This can come from some doung portscan, or just do a telnet yourip 12000
Quote:
Jan 16 14:22:19 server2 CCcam: login from 155.10.10.132
Jan 16 14:22:25 server2 CCcam: kick 155.10.10.132, bad response
This command, do list all ip sorted and counted:
grep "bad response" | awk ' {arr[$7]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } ' | sort
Quote:
84.20.182.97, 1
84.191.27.229, 3
85.16.46.59, 14
* (9) Double login to your Server
Two or more users try to log in to your server using same username.
This can be due to one ore more reason:
* From same IP. A user have more than one CCcam session runniing on his server that uses same CCcam.cfg
* From same IP. A user may run to clients using same CCcam.cfg
* Fram same IP. Client or you have packet drop (bad internet line), clients thinks he lost server and tries to login agian.
* From different IP. Some tries to use your clients user/pass from another location.
Quote:
Jan 27 07:59:44 server2 CCcam: user badboy login attempt from 85.16.213.176
Jan 27 07:59:44 server2 CCcam: double login (badboy), (previous 84.202.182.63), reject
Jan 27 07:59:44 server2 CCcam: kick 85.16.213.176(), bad command
This command does list all double user login atempts:
cat /var/log/daemon.log | grep "double" | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } ' | sort
Quote:
(dm800), 19
(darkman), 4
(pedro), 76
* (10) Double login from your server
This is directly related to "Double login to your server". If your server(client part) for some reason loose network connection to remote server, it will try to log in again. This may be recorded on remote server as "Double login" from same IP
Quote:
Jan 28 14:34:09 server2 CCcam: login at server.dyndns.tv:12000 failed, server message: client 109.19.187.17 already connected
* (11) Double nodeid to Your Server
If a user has two CCcam servers running on same server you see this. It is possible to run separate node id, but not easy.
Quote:
Jan 25 22:54:40 server2 CCcam: WARNING: double nodeid, user garbimbbit and troja
* (12)Wrong password to your server
Username do exist in your server but user tries wrong password
Quote:
13:43:14.673 CCcam: login from 129.21.143.231
13:43:14.745 CCcam: user demo login attempt from 129.21.143.231
13:43:14.746 CCcam: wrong password supplied by 129.21.143.231
13:43:14.746 CCcam: kick 129.21.143.231, signature failed
Command to show what IP do use wrong password
cat /var/log/daemon.log | grep "wrong" | awk ' {arr[$10]++; next} END { for (i in arr) { if(arr[i]>0 ) {print i,arr[i] } } } '
Quote:
194.11.10.41 2
This command do list the line above wrong password to try to list username. There may be other entries between wrong password and username.
cat /var/log/daemon.log | grep -B4 "wrong"
Quote:
Jan 29 08:45:00 server2 CCcam: login from 194.110.10.41
Jan 29 08:45:00 server2 CCcam: user dm800 login attempt from 194.11.10.41
Jan 29 08:45:00 server2 CCcam: [color="Red"]wrong password[COLOR] supplied by 194.11.10.41
* (13) DNS missing or no user to your Server
This may be the most important to look for. There are two reasons to see this error.
1. User that tries to log in does not exist.
2. Most commonly: You have added IP or DNS behind your F: line to prevent user from logging in from wrong site. User have for some reason changed IP, and or have not updated DNS (dyndns) after he have got a new IP.
Quote:
Jan 25 07:30:50 server2 CCcam: login from 94.211.13.180
Jan 25 07:30:50 server2 CCcam: illegal user zambibi from 94.211.13.180
Jan 25 07:30:50 server2 CCcam: kick 94.211.13.180, signature failed
This command shows what user and how many times they have tried to login in from wrong ip:
cat /var/log/daemon.log | grep illegal | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr[i]>1 ) {print i,arr[i] } } } ' | sort
Quote:
pedro 606
DM8000 9
zimba 2389
* (14) Missing Internet or DNS from your Server
If you internett line are down or DNS server do not reply, you get this error message:
Quote:
Feb 10 04:25:39 server2 CCcam: failed to get address for cccam.dyndns.com
Feb 10 04:25:43 server2 CCcam: newcamd first read failed -1
Feb 10 04:25:43 server2 CCcam: keepalive failed, close connection to server2.dyndns.com
Feb 10 04:25:48 server2 CCcam: remote ecm <- server4.no-ip.com:12000 error (took 6.006 seconds)
* (15) Nonexistent Hostname
When a client connects to your F: Line and this line has an Hostname after, your server will look it up on a DNS server. If this Hostname does not exist, the user will still be able to log in (bug?).
Quote:
Apr 6 12:18:45 server2 CCcam: login from 85.18.51.53
Apr 6 12:18:45 server2 CCcam: Hostname pakmappap.dyndns.org for user test2 not found
Apr 6 12:18:45 server2 CCcam: user test2 login attempt from 85.18.51.53
Apr 6 12:18:45 server2 CCcam: client test2@6183c11e5a925aad, running CCcam 2.2.1
This commands show how many hits you have in your logfile.
cat /var/log/daemon.log | grep Hostname
* (16) Bad Command
Why we see bad command, I am not sure. This happens from all different CCcam versions. It has nothing to do with server load, since it's evenly spread out in time and server are not heavy loaded. It happens also from a single client, newly reinstalled, no re-share.
Edit: You will see bad command if you just turn off the client and its in middle of a ecm transaction. It will also be the same if network drops when its in a session. (Bad command is also displayed when double login occurs)
Quote:
Feb 4 08:15:03 server2 CCcam: kick 72.175.162.180(pedro), bad command
Feb 4 08:15:03 server2 CCcam: login from 72.175.162.180
Feb 4 08:15:03 server2 CCcam: user pedro login attempt from 72.175.162.180
Feb 4 08:15:03 server2 CCcam: client pedro@290d38d85b7a14b1, running CCcam 2.2.1
To see user and CCcam version run this command:
cat /var/log/daemon.log | grep -A3 "bad command"
* (17) Unknown
I have not found the reason for these errors. ****** give no answer.
Some user tries to login, but do not give username. Client do still work, but this message are repeated many times for some user in the log. If some has information, please post it.
Quote:
Jan 3 13:32:16 server2 CCcam: login from 111.243.115.95
Jan 3 13:32:16 server2 CCcam: kick 111.243.115.95, signature failed
Jan 3 13:32:16 server2 CCcam: login from 111.243.115.95
Jan 3 13:32:16 server2 CCcam: kick 111.243.115.95, signature failed
* (18) Other info
Quote:
"read result -1" has been replaced by "bad command"
Newcamd
NB adding N line to a Newcamd server increase the load of you server. The logs do also grow rapid large, since it seems that CCcam do read all Newcamd information every second.
* (19) Ok ECM request to newcamd
Clients asks for ECM and get ok respond from a Newcamd server
Quote:
Feb 9 08:53:09 server2 CCcam: client bingo ecm request for handler 0x64 0xb00(0x0) sid 0x57f ok: 1
Feb 9 08:53:09 server2 CCcam: newcamd ecm <- newcamd.dyndns.tv:15000 ok
* (20) Error ECM request to newcamd
Here the clients try to read ECM from Newcamd server but gets it from local card, since Newcamd cannot decode it. Why it tries Newcamd before Local card, I do not know.
Quote:
Feb 9 09:07:52 server2 CCcam: client bingo ecm request for handler 0x64 0xb00(0x0) sid 0x3ff ok: 1
Feb 9 09:07:53 server2 CCcam: newcamd ecm -> newcamd.dyndns.tv:15000
Feb 9 09:07:53 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x5de
Feb 9 09:07:53 server2 CCcam: local ecm <- card /dev/ttyUSB0 ok
Feb 9 09:07:53 server2 CCcam: client bingo ecm request for handler 0x64 0xb00(0x0) sid 0x5de ok: 1
Feb 9 09:07:53 server2 CCcam: newcamd ecm <- newcamd.dyndns.tv:15000 error
* (21) Connect to newcamd
This show CCcam server connecting to a Newcamd server.
Quote:
Feb 4 13:03:59 server2 CCcam: newcamd server 193.84.46.5:12000 user: demo
Feb 4 13:04:00 server2 CCcam: newcamd caid 0d03 providers 4 userid: 0
Feb 4 13:04:00 server2 CCcam: newcamd card serial: 05057100
Feb 4 13:04:00 server2 CCcam: newcamd prov 00 000004 00000000
Feb 4 13:04:00 server2 CCcam: newcamd prov 01 000008 00000000
Feb 4 13:04:00 server2 CCcam: newcamd prov 02 000024 00000000
Feb 4 13:04:00 server2 CCcam: newcamd prov 03 000028 00000000
Last 5 lines shows card type and what provider it decodes
* (22) No user
Your CCcam server tires to conncet to a Newcamd but user does not exists
Quote:
Feb 4 12:58:00 server2 CCcam: newcamd server 193.84.46.5:12000 user: foche54
Feb 4 12:58:00 server2 CCcam: newcamd receive error: no login ack
* (22) Wrong password
Trying to connect to a Newcamd server from CCcam with wrong password, but have correct username
Quote:
Feb 4 13:05:32 server2 CCcam: newcamd server 193.84.46.5:12000 user: foche54
Feb 4 13:05:32 server2 CCcam: newcamd first read failed 0
Feb 4 13:05:32 server2 CCcam: newcamd receive error -1
Real-time debugging
You can always look at the debug file, but since it grows very large we need some tool to control the output.
tail -n 10 /var/log/daemon.log
Her you get the last 10 lines of the debug file. You can change the 10 to any number you like.
A better way is to use this:
tail -f /var/log/daemon.log
Now you do get all new line added listed. This is near real time info from the log file. Problem with this is that the amounts of information are huge.
To solve the information overflow, use this line:
tail -f /var/log/daemon.log | grep -vE '(ecm request|local ecm|remote ecm|snmpd|emm|repeated|ntpd|newcamd)'
This will give you errors only
Other info
IP address
DNS address
User name
Triggerword
There may be error in this post. If you find any give me a pm and I will update. If there are some other information you do now about not listed, also PM me or post it here.
(all name and IP has been change and are no real)
If you like this post, use Thank You button
Comment