Debugging


Post by feissmaik

credits: jotne
==================================================================================================

This article tries to help you understand how to debug CCcam events.
Understanding this may help you get a more stable server.
To achieve this you need to remove all or most of the ongoing errors.
Example commands to find errors are also included.

To get a stable server, follow these important rules:

1. Do NOT use port 12000 (use a high port like 53232)
2. Quality before quantity
3. Never add a peer without having the user's email/MSN. This way you can ask him if something is wrong.
4. Add DNS/IP at the end of your F: lines
5. If you remove a peer, tell him that you have done so, and ask him to remove his C: line


The first step is to enable CCcam debugging. This can be done in one of two ways.

1. Run CCcam from the command prompt like this: /var/bin/CCcam -d >>/tmp/debug &
You need to stop CCcam by killing it before you restart it with options.

2. If you have a Linux server like Ubuntu, you can add this line to CCcam.cfg: DEBUG : yes
This option is convenient, since you do not need to restart the CCcam server.
Debug data is then logged to /var/log/debug

Warning: Log files grow large rapidly.


Debug
  • ECM
    Most of the debug file will contain information on ECM handling like this:

    From remote server:
    Jan 18 09:36:54 server2 CCcam: client demo ecm request for handler 0x64 0xb00(0x0) sid 0x135 ok: 1
    Jan 18 09:36:54 server2 CCcam: remote ecm -> server.dyndns.org:12000 0xb00(0x000)
    Jan 18 09:36:54 server2 CCcam: remote ecm <- server.dyndns.org:12000 ok

    Local card:
    Jan 21 17:34:01 server2 CCcam: client demo ecm request for handler 0x64 0xb00(0x0) sid 0xdbb ok: 1
    Jan 21 17:34:01 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x5dd
    Jan 21 17:34:01 server2 CCcam: local ecm <- card /dev/ttyUSB0 cw's from cache
  • EMM
    EMMs are the codes that keep your card alive. If you do not get them and have cards in your server, the card will die after some time.

    Jan 29 14:47:13 server2 CCcam: local emm -> card /dev/ttyUSB0 0xb00(0x000)
    Jan 29 14:47:13 server2 CCcam: local emm <- card /dev/ttyUSB0 ok
    Jan 29 14:47:13 server2 CCcam: client demo emm 0xb00(0x0) ok: 1
  • Normal login
    This shows a normal login from a client to your server:

    Jan 17 13:34:53 server2 CCcam: login from 1.2.3.4
    Jan 17 13:34:53 server2 CCcam: user demo login attempt from 1.2.3.4
    Jan 17 13:34:53 server2 CCcam: client demo@a9d6346630a9639c, running CCcam 2.1.1
  • Portscan-Telnet
    If someone just opens the CCcam port without logging in, you get this info. This can come from someone doing a portscan, or just doing a telnet yourip 12000

    Jan 16 14:22:19 server2 CCcam: login from 4.3.2.1
    Jan 16 14:22:25 server2 CCcam: kick 4.3.2.1, bad response

    This command lists all IPs, sorted and counted:
    cat /var/log/daemon.log | grep "bad response" | awk ' {arr[$7]++; next} END { for (i in arr) { if (arr[i]>0) {print i,arr[i] } } } ' | sort

    Output:

    84.20.182.1, 1
    84.191.27.2, 3
    85.16.46.3, 14
  • Double login
    Two or more users try to log in to your server using the same username

    Jan 27 07:59:44 server2 CCcam: user badboy login attempt from 1.2.3.4
    Jan 27 07:59:44 server2 CCcam: double login (badboy), (previous 1.2.3.5), reject
    Jan 27 07:59:44 server2 CCcam: kick 1.2.3.4(), bad command

    This command lists all double user login attempts:
    cat /var/log/daemon.log | grep "double" | awk ' {arr[$8]++; next} END { for (i in arr) { if (arr[i]>0) {print i,arr[i] } } } ' | sort

    Output:

    (dm800), 19
    (badboy), 4
    (demo), 76
  • Double nodeid
    This happens if a user has two CCcam servers running on the same server. It may be possible to run separate node IDs, but it is not easy.

    Jan 25 22:54:40 server2 CCcam: WARNING: double nodeid, user demo and badboy
  • Wrong password
    The username exists on your server, but the user tries a wrong password

    13:43:14.673 CCcam: login from 1.2.3.4
    13:43:14.745 CCcam: user demo login attempt from 1.2.3.4
    13:43:14.746 CCcam: wrong password supplied by 1.2.3.4
    13:43:14.746 CCcam: kick 1.2.3.4, signature failed

    Command to show which IPs use a wrong password:
    cat /var/log/daemon.log | grep "wrong" | awk ' {arr[$10]++; next} END { for (i in arr) { if (arr[i]>0) {print i,arr[i] } } } '

    Output:

    194.11.10.1 2

    This command lists the lines above each wrong password entry, to try to find the username. There may be other entries between the wrong password line and the username line.
    cat /var/log/daemon.log | grep -B4 "wrong"

    Output:

    Jan 29 08:45:00 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x1772
    Jan 29 08:45:00 server2 CCcam: remote ecm -> 62.54.14.4:15000 0xb00(0x000)
    Jan 29 08:45:00 server2 CCcam: login from 194.110.10.1
    Jan 29 08:45:00 server2 CCcam: user dm800 login attempt from 194.11.10.1
    Jan 29 08:45:00 server2 CCcam: wrong password supplied by 194.11.10.1
    
  • DNS or no user
    This may be the most important one to look for. There are two reasons to see this error.
    1. A user tries to log in but does not exist.
    2. Most commonly: You have added an IP or DNS name after your F: line to prevent the user from logging in from the wrong site. The user has for some reason changed IP, and/or has not updated DNS (dyndns) after getting a new IP.

    Jan 25 07:30:50 server2 CCcam: login from 1.2.3.4
    Jan 25 07:30:50 server2 CCcam: illegal user badboy from 1.2.3.4
    Jan 25 07:30:50 server2 CCcam: kick 1.2.3.4, signature failed

    This command shows which users have tried to log in from the wrong IP, and how many times:
    cat /var/log/daemon.log | grep illegal | awk ' {arr[$8]++; next} END { for (i in arr) { if (arr[i]>1) {print i,arr[i] } } } ' | sort

    Output:

    demo 606
    dm800 9
    badboy 2389

Other info
This command shows the last 100 important events in the log file.
cat /var/log/daemon.log | grep -vE '(ecm request|local ecm|remote ecm|snmpd|emm|repeated|ntpd)' | tail -n 100


Real-time debugging
You can always look at the debug file, but since it grows very large we need to control the output.
tail -n 10 /var/log/daemon.log
Here you get the last 10 lines of the debug file. You can change the 10 to any number you like.

A better way is to use this:
tail -f /var/log/daemon.log
Now all newly added lines are listed. This is near-real-time info from the log file. The problem with this is that the amount of information is huge.

To solve the information overload, use this line:
tail -f /var/log/daemon.log | grep -vE '(ecm request|local ecm|remote ecm|snmpd|emm|repeated|ntpd|newcamd)'
This will give you errors only.


==================================================================================================
You don't have to fight to win
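
Added example (not part of the original post and not CCcam's own tooling): the awk one-liners above count by fixed field number, which picks the wrong field for the short-timestamp log format shown under "Wrong password", and grep -B4 only guesses at the username. This sketch locates the message by the "CCcam:" field instead and remembers the last "login attempt" user per IP; the function names and the sample log are constructed for illustration.

```sh
# Added example: summarise CCcam login failures read from stdin.
# Prints "<event> <key> <count>" lines, sorted.
cccam_auth_summary() {
    awk '
    {   # Locate the message: first field after "CCcam:". This handles both
        # "Jan 29 08:45:00 server2 CCcam: ..." and "13:43:14.673 CCcam: ...".
        m = 0
        for (f = 1; f <= NF; f++) if ($f == "CCcam:") { m = f + 1; break }
        if (m == 0) next
    }
    # user <name> login attempt from <ip>: remember last user seen per IP
    $m == "user" && $(m+2) == "login" && $(m+3) == "attempt" {
        last_user[$(m+5)] = $(m+1); next
    }
    # wrong password supplied by <ip>: attribute it to that remembered user
    $m == "wrong" && $(m+1) == "password" {
        ip = $(m+4)
        u = (ip in last_user) ? last_user[ip] : "unknown"
        n["wrong_password " u "@" ip]++; next
    }
    # illegal user <name> from <ip>
    $m == "illegal" && $(m+1) == "user" { n["illegal_user " $(m+2)]++; next }
    # double login (<name>), (previous <ip>), reject
    $m == "double" && $(m+1) == "login" {
        u = $(m+2); gsub(/[(),]/, "", u); n["double_login " u]++; next
    }
    # kick <ip>, bad response
    $m == "kick" && $(m+2) == "bad" && $(m+3) == "response" {
        ip = $(m+1); sub(/,$/, "", ip); n["bad_response " ip]++; next
    }
    END { for (k in n) print k, n[k] }
    ' | sort
}

# Constructed sample log (documentation IP ranges, not real data).
sample_log() {
    cat <<'EOF'
Jan 29 08:45:00 server2 CCcam: user dm800 login attempt from 192.0.2.10
Jan 29 08:45:00 server2 CCcam: local ecm -> card /dev/ttyUSB0 0xb00(0x000) sid 0x1772
Jan 29 08:45:01 server2 CCcam: wrong password supplied by 192.0.2.10
13:43:14.745 CCcam: user demo login attempt from 198.51.100.7
13:43:14.746 CCcam: wrong password supplied by 198.51.100.7
Jan 25 07:30:50 server2 CCcam: illegal user badboy from 203.0.113.5
Jan 25 07:30:51 server2 CCcam: illegal user badboy from 203.0.113.5
Jan 27 07:59:44 server2 CCcam: double login (badboy), (previous 203.0.113.6), reject
Jan 16 14:22:25 server2 CCcam: kick 203.0.113.9, bad response
EOF
}
sample_log | cccam_auth_summary
```

To run it against a real log, feed the file on stdin: cccam_auth_summary < /var/log/daemon.log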
