==================================================================================================
This is an article that tries to help understanding how to debug CCcam events.
Understanding this may help you to get a more stable server.
To achieve this you need to remove all/most of ongoing errors.
Example commands to find errors are also included.
To get a stable server follow this important rules:
1. Do NOT use port 12000 (use a high like 53232)
2. Quality before Quantity
3. Never ever add a peer without having users email/msn. This way you can ask him if some is wrong.
4. Add DNS/IP at the end of your F: lines
5. If you remove a peer, do tell him that you have done, and ask him to remove his C: line
First step is to enable CCcam debugging. This can be done in one or two ways.
1. Run CCcam from command prompt like this: /var/bin/CCcam -d >>/tmp/debug &
You need to stop the CCcam by kill it before you restart it with options.
2. If you have a linux server like Ubuntu, you can add this info to CCcam.cfg: DEBUG : yes
This option is fine, since you do not need to restart CCcam server.
Debug data are then logged to /var/log/debug
Warning: Log files do grow rapidly large.
Debug
- ECM
Most of the debug file will contain information on ECM handeling like this:
From remote server:
Jan 18 09:36:54 server2 CCcam: client demo ecm request for handler 0x64 0xb00(0x0) sid 0x135 ok: 1
Jan 18 09:36:54 server2 CCcam: remote ecm -> server.dyndns.org:12000 0xb00(0x000)
Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 ok
Local card:
Jan 21 17:34:01 server2 CCcam: client demo ecm request for handler 0x64 0xb00(0x0) sid 0xdbb ok: 1
Jan 21 17:34:01 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x5dd
Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 cw's from cache - EMM
EMM are the codes that keep you card alive. If you do not get this and have cards in your server, it will die after some time.
Jan 29 14:47:13 server2 CCcam: local emm -> card /dev/ttyUSB0 0xb00(0x000)
Jan 29 14:47:13 server2 CCcam: local emm <- card /dev/ttyUSB0 ok
Jan 29 14:47:13 server2 CCcam: client demo emm 0xb00(0x0) ok: 1 - Normal login
This shows a normal login from a client to your server:
Jan 17 13:34:53 server2 CCcam: login from 1.2.3.4
Jan 17 13:34:53 server2 CCcam: user demo login attempt from 1.2.3.4
Jan 17 13:34:53 server2 CCcam: client demo@a9d6346630a9639c, running CCcam 2.1.1 - Portscan-Telnet
If someone just open the CCcam port without logging in you get this info. This can come from some doing portscan, or just do a telnet yourip 12000
Jan 16 14:22:19 server2 CCcam: login from 4.3.2.1
Jan 16 14:22:25 server2 CCcam: kick 4.3.2.1, bad response
This command, do list all ip sorted and counted:
cat /var/log/daemon.log | grep "bad response" | awk ' {arr[$7]++; next} END { for (i in arr) { if(arr>0 ) {print i,arr } } } ' | sortCode: Alles auswählen
84.20.182.1, 1 84.191.27.2, 3 85.16.46.3, 14
- Double login
Two or more users tries to login to your server using same username
Jan 27 07:59:44 server2 CCcam: user badboy login attempt from 1.2.3.4
Jan 27 07:59:44 server2 CCcam: double login (badboy), (previous 1.2.3.5), reject
Jan 27 07:59:44 server2 CCcam: kick 1.2.3.4(), bad command
This command do list all double user login atempts:
cat /var/log/daemon.log | grep "double" | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr>0 ) {print i,arr } } } ' | sortCode: Alles auswählen
(dm800), 19 (badboy), 4 (demo), 76
- Double nodeid
If a user has two CCcam servers running on same server. It may be possible to run separate node id, but not easy.
Jan 25 22:54:40 server2 CCcam: WARNING: double nodeid, user demo and badboy - Wrong password
Username do exits in your server but user tries wrong password
13:43:14.673 CCcam: login from 1.2.3.4
13:43:14.745 CCcam: user demo login attempt from 1.2.3.4
13:43:14.746 CCcam: wrong password supplied by 1.2.3.4
13:43:14.746 CCcam: kick 1.2.3.4, signature failed
Command to show what IP do use wrong password
cat /var/log/daemon.log | grep "wrong" | awk ' {arr[$10]++; next} END { for (i in arr) { if(arr>0 ) {print i,arr } } } 'This command do list the line above wrong password to try to list username. There may be other entries between wrong password and username.Code: Alles auswählen
194.11.10.1 2
cat /var/log/daemon.log | grep -B4 "wrong"Code: Alles auswählen
Jan 29 08:45:00 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x1772 Jan 29 08:45:00 server2 CCcam: remote ecm -> 62.54.14.4:15000 0xb00(0x000) Jan 29 08:45:00 server2 CCcam: login from 194.110.10.1 Jan 29 08:45:00 server2 CCcam: user dm800 login attempt from 194.11.10.1 Jan 29 08:45:00 server2 CCcam: wrong password supplied by 194.11.10.1
- DNS or no user
This may be the most important to look for. There are two reasons to see this error.
1. User that tries to login but does not exists.
2. Most commonly: You have added IP or DNS behind your F: line to prevent user from logging in from wrong site. User have for some reason changed IP, and or have not updated DNS (dyndns) after he have got a new IP.
Jan 25 07:30:50 server2 CCcam: login from 1.2.3.4
Jan 25 07:30:50 server2 CCcam: illegal user badboy from 1.2.3.4
Jan 25 07:30:50 server2 CCcam: kick 1.2.3.4, signature failed
This command shows what user and how many times they have tried to login in from wrong ip:
cat /var/log/daemon.log | grep illegal | awk ' {arr[$8]++; next} END { for (i in arr) { if(arr>1 ) {print i,arr } } } ' | sortCode: Alles auswählen
demo 606 dm800 9 badboy 2389
Other info
This command do show last 100 important events in log file.
cat /var/log/daemon.log | grep -vE '(ecm request|local ecm|remote ecm|snmpd|emm|repeated|ntpd)' | tail -n 100
Real-time debugging
You can always look at the debug file, but since it grow very large we need to control the output.tail -n 10 /var/log/daemon.log
Her you get the last 10 lines of the debug file. You can change the 10 to any number you like.
A better way is to use this:
tail -f /var/log/daemon.log
Now you do get all new line added listed. This is near real time info from the log file. Problem with this is that the amount of information are huge.
To solve the information overflow, use this line:
tail -f /var/log/daemon.log | grep -vE '(ecm request|local ecm|remote ecm|snmpd|emm|repeated|ntpd|newcamd)'
This will give you errors only.
==================================================================================================