From ZoneMinder

Ubuntu 9.04 server 32bits with Zoneminder´s subversion 1.24.X

Contents 1 misc information 2 pre-installation 3 ubuntu installation 4 server Post-installation procedures 5 ZM installation 5.1 Changes for Lib Paths 5.2 Install All Prerequisites 5.3 Install Perl Modules 5.4 FFmpeg & ZoneMinder from SVN 5.4.1 Install FFmpeg 5.5 Install & Config ZoneMinder 5.6 Post Install 5.6.1 Install cambozola.jar 5.6.2 Remove existing index.html 5.6.3 Make sure ZoneMinder starts automatically 5.6.4 final testings and procedures 6 extra configurations 6.1 Mail Server integration 6.1.1 use external isp to send emails 6.1.2 ZM email and filter config 6.2 Creating a custom skin to your mobile 7 TODO 7.1 exporting videos 8 Additional suggested softwares 9 troubleshooting 10 Desktop over server consideration 11 wishlist 12 comments

misc information

• The really important steps in this walkthrough regarding zoneminder (section 5) are entirely based on (and *pasted* from) Jsylvia007´s great tutorial;

http://www.zoneminder.com/wiki/index.php?title=Ubuntu_8.10_Vanilla_32bit_(with_FFmpeg_SVN%2C_ZoneMinder_SVN%2C_jscalendar-1.0%2C_cambozola-0.7)

• Used an old rig with amd semprom 3000+ cpu (1.80GHz) 512mb ram, asus mobo, on-board video, so-called Pico2000 cheap chinese capture card, that has a single bt878 chip for 30fps (gives just a little few fps with 4 inputs at the same time);

• at the end of the guide (including zm and webmin), this install took only 2.49Gb of hd space, and with everything up and running, and from the real 465.46MB of ram, only about 143.66MB were in use, with the system processing images from 4 analog 320*240 cameras, all of them under "modetect"; CPU load averages were good (<0.30 most of the time); Of course you need to reserve space for recorded events, so i recommend a minimum of 5 to 6GB for the main partition; but you may easily deploy the base system in one partition and have another one exclusively for the zm events dir, wich is changed via the web interface > options > path;

• port limitations: my great isp blocks some important ports, like 22, 25, 80, and so on... in order to detour that limitations, i have to try and use alternate ports for ssh, http, ftp, webmin and whatever; also, you will have to set the router to "forward" those default or changed ports to your machine ip; (later on we will prepare the server to have fixed ip if you don´t do that by install time);

pre-installation

• burn ubuntu cd, by downloading server 32 bit iso; check https://help.ubuntu.com/community/BurningIsoHowto in case;

• boot from the cd, choose "check disk for defects" to certify you have a valid cd; (aprox. 5 minutes)

• arrange a partition for the system and another for swap; i suggest the swap partition to be the double of the ram memory; (or have a dedicated hd for your server and choose guided install simply); you may also let this to be decided/done during the installation process;

ubuntu installation

(takes no more than 20 minutes; find related/detailed installation info on http://ubuntuguide.org/wiki/Ubuntu:Jaunty)

• choose the language and hit "install ubuntu server", then the language for the installation, region, country, detect keyboard layout; consider to choose "english" so that you can google more easily when you face a problem during install-time...

• choose a hostname for your server; (refer to http://movealong.org/hostname.html if not sure)

• select a time zone

• select a partitioning method, where "guided - use the entire disk and set up lvm" is the recommended default; actually i chose "manual", because i have already done my partitioning schemme, then selected the system partition, set it to be used as "ext3 journaling fs", then choose the "mount point" to be "/ - the root file system", then hit "done setting up", then choose a partition to be used as swap, enter it, mark "use as" to "swap area", then hit "done setting up...", then scroll down the page and hit "finish partitioning and write changes to disk"; now you have a last chance to check what youre about to do; check it carefully, then hit "write changes to disks";

• now you have your base system being installed; have yourself a time;

• choose a full name for the new user; (dont try to use root here, just your first name is ok), and a user name account (the same name is fine)

• choose a very strong password, like 12345...

• choose if you want to encrypt your home directory; i accepted the default NO ;

• configure an http proxy; if you dont use one, or dont know what it is, leave it blank and hit enter;

• if you have an active internet connection, the system will now scan the mirror; just wait;

• the system now asks if you want automatic updates; i really never choose that, so i can do this IF and WHEN i want, and avoid surprises; so i chose "no automatic updates", which is the default;

• now choose software to install; In order to follow this guide i suggest LAMP, MAIL and OPENSSH ;(mark what you want with the spacebar and hit enter just afterwards);

• have a wait of 3 minutes...

• choose a strong password for the mysql root user; i used the same one for the user, but if you are paranoid, choose one that no one can remember, even yourself; remember that this will be your ***MySQL ROOT PASSWORD***, required after on the zm database creation;

• during postfix configuration; i suggest "internet site"; then choose a name for the system mail; i accepted the default;

• have a wait (3 minutes once again)

• choose if the grub boot loader is to be installed to the master boot record; choosing *YES* seems to me to be safe in my opinion for more than 2 years now, as it always recognized my other operating systems from other partitions, like windows xp, vista, other linux flavours, and even the other linux grubs that may exist, so it adds everything to the boot entries it may find.... and then you will have the opportunity to choose what system to boot everytime you turn your computer on; (on the post-config i have some suggestions regarding that)

• now, when prompted, remove de cd and click continue; (when the system reboots you may want to enter the bios settings and choose not to boot from cds anymore)

• mission accomplished so far, ubuntu server is fresh/ready;

server Post-installation procedures

• login with the user you created, not root;

• type "sudo passwd root" , hit enter, enter your password, then a new password twice (or the same one) to be the "root" password; OR ignore this direction and simply prepend "sudo" for all commands when needed;

• type "logout", hit enter

• now login with your root account;

• if during the install time ubuntu succeeded to conect to the internet without asking anything, it means that it tried to use DHCP and succeeded; but i don´t think anyone would like it that way, (unless you had set an ip/mac reservation in your router dhcp config); so now we are changing our server to a fixed ip on the lan:

1- check if you have a working internet connection, try "ping www.nytimes.com" and CTRL+C to stop;

2- if in doubt of which ip you should use as fixed, type "ifconfig" and enter; you´re gonna get something like this if you have a valid dhcp active internet connection up to this moment:

root@amdcctv-ub904:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:15:f2:1f:9a:47
          inet addr:192.168.15.104  Bcast:192.168.15.255  Mask:255.255.255.0
          inet6 addr: fe80::215:f2ff:fe1f:9a47/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:197 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:22585 (22.5 KB)  TX bytes:19471 (19.4 KB)
          Interrupt:11 Base address:0xa000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@amdcctv-ub904:~#

So i know from that and from my router config that i am going to use 192.168.15.104 as the fixed server ip, 255.255.255.0 as netmask, 192.168.15.1 as default gateway, and also 192.168.15.1 as the primary dns; no need of a secondary dns im my case;

lets edit /etc/network/interfaces; "cd /etc/network/", enter, "cp interfaces bkp_original_interfaces", enter, "nano /etc/network/interfaces", enter;

i had the original like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

so i changed from that to:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
        script grep
        map eth0

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.15.104
netmask 255.255.255.0
gateway 192.168.15.1

save, exit, then, check /etc/resolv.conf ; "cd /etc", enter, "nano resolv.conf", enter; im my case, i did not need to change this, because it was correct;(dns=gateway in my router)

nameserver 192.168.15.1

I will now restart the network to check what i have done so far: "/etc/init.d/networking restart", enter, and then ping again: "ping www.nytimes.com", enter :

root@amdcctv-ub904:/etc# ping www.nytimes.com
PING www.nytimes.com (170.149.173.130) 56(84) bytes of data.
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=1 ttl=240 time=238 ms
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=2 ttl=242 time=215 ms
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=3 ttl=241 time=215 ms
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=4 ttl=242 time=216 ms
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=5 ttl=241 time=234 ms
^C
--- www.nytimes.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 215.400/224.047/238.171/10.124 ms
root@amdcctv-ub904:/etc# /etc/init.d/networking restart
 * Reconfiguring network interfaces...                                   [ OK ]
root@amdcctv-ub904:/etc# ping www.nytimes.com
PING www.nytimes.com (170.149.173.130) 56(84) bytes of data.
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=1 ttl=242 time=215 ms
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=2 ttl=241 time=236 ms
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=3 ttl=241 time=235 ms
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=4 ttl=241 time=215 ms
64 bytes from www.nytimes.com (170.149.173.130): icmp_seq=5 ttl=241 time=254 ms
^C
--- www.nytimes.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 215.895/231.726/254.347/14.502 ms

The lines that states "0% packet loss" tells me i have a working/valid internet connection! please refer to http://en.kioskea.net/faq/sujet-979-having-a-static-ip-address-under-ubuntu-8-10 if you need to; ** many websites are valid but filter our pings, so by the time i tried this, i was failed by cnn.com and bbc.com, but nytimes did that;

• its a good idea to backup the new working version of your /etc files, (or its entire dir into a .zip file!); also, because many previous versions ubuntu users reported to have the dhcp client packages removed to avoid the networking configurations reset in certain circumstances);

• now lets force the system to make a filesystem check during the next reboot, after all we have done a lot of partitioning/formatting/installing, and it´s good to know there´s no problems regarding that; type "touch /forcefsck", enter; now type "reboot", enter; yes, your putty session will break, just reconnect after reboot;

• (optional) now i am going to change the ssh port, by the reason i mentioned in the misc info before; (this is not a security measure, any nmap scan may easily find this port!)

"cd /etc/ssh/", enter , "cp sshd_config bkp_original_sshd_config", enter, "nano sshd_config", enter ; *CAUTION* you want to edit sshd_config, NOT ssh_config

now you are editing sshd config; change port 22 to whatever if you will; hit "CTRL+O" to save, enter, "CTRL+X" to exit;

• type "service ssh restart", enter; (to apply changes)

• type "logout", hit enter;

• now i am going to do everything else from a ssh terminal and webmin, so that i can copy/paste the next procedures; refer to http://webmaster.iu.edu/tool_guide_info/webserve_putty.shtml if you need to;

• from another machine (for example on your windows computer), have putty installed, configure it to access you ssh server ip and port;

• i suggest that under putty, you configure the "seconds between keepalives" to 50; then configure the port and ip on the main window, and save it;

• connect to the ubuntu server via putty;

• • nb: if you never used putty, be advised that to paste something into the terminal you just have to right click the mouse once, so dont try "CTRL+V", and when you copy something, try to copy just until the last character, not the entire line, because if you dont, when you paste text into putty, it will also "hit the enter" for you, what i dont like; but nevermind; and to copy *from* the putty terminal to another place, simply select with the mouse the text, and it is automatically copied, so dont try "CTRL+C", which in linux shell would abort the current command/process;

• • nb: The first time you connect to putty from a different machine, you will have a warning regarding the host key; that is *OK*

• lets have our packages updated and secured: "nano /etc/apt/sources.list", enter, and set to your needs (i have enabled everything but the cds, what i trust); but you´d better adapt your own sources.list to get a server near to you, the example below is for Brazil:

# deb cdrom:[Ubuntu-Server 9.04 _Jaunty Jackalope_ - Release i386 (20090421.1)]/ jaunty main restricted
# deb cdrom:[Ubuntu-Server 9.04 _Jaunty Jackalope_ - Release i386 (20090421.1)]/ jaunty main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

deb http://br.archive.ubuntu.com/ubuntu/ jaunty main restricted
deb-src http://br.archive.ubuntu.com/ubuntu/ jaunty main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://br.archive.ubuntu.com/ubuntu/ jaunty-updates main restricted
deb-src http://br.archive.ubuntu.com/ubuntu/ jaunty-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://br.archive.ubuntu.com/ubuntu/ jaunty universe
deb-src http://br.archive.ubuntu.com/ubuntu/ jaunty universe
deb http://br.archive.ubuntu.com/ubuntu/ jaunty-updates universe
deb-src http://br.archive.ubuntu.com/ubuntu/ jaunty-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://br.archive.ubuntu.com/ubuntu/ jaunty multiverse
deb-src http://br.archive.ubuntu.com/ubuntu/ jaunty multiverse
deb http://br.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse
deb-src http://br.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://br.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse
deb-src http://br.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu jaunty partner
deb-src http://archive.canonical.com/ubuntu jaunty partner

deb http://security.ubuntu.com/ubuntu jaunty-security main restricted
deb-src http://security.ubuntu.com/ubuntu jaunty-security main restricted
deb http://security.ubuntu.com/ubuntu jaunty-security universe
deb-src http://security.ubuntu.com/ubuntu jaunty-security universe
deb http://security.ubuntu.com/ubuntu jaunty-security multiverse
deb-src http://security.ubuntu.com/ubuntu jaunty-security multiverse

now, type in "apt-get update", enter, and expect something like "(...)(...)Fetched xx.xkB in xxs (xx.xxkB/s) / Reading package lists... Done", and follow on with "apt-get upgrade", enter; it took me no more than 2 minutes; my isp isnt that bad after all..., and just because i want, i´ll end that step with "apt-get clean"; i think it has kind of a psychological effect in the debian brain that ubuntu inherited;

• install webmin (optional) and change it´s listening port if needed;

• install noip client to have your dynamic-cheap-3rd-world-disgusting-velox-telemar-varying-ip to some rememberable address like easy.no-ip.com : "apt-get install noip2" ; it is downloaded an then it runs a first time config utility; provide it with the login and password you have created on no-ip.com website previously; after, it will ask your hosts list: provide it with xxxx.no-ip.com host redirect you created; in the end it asks the network device name, just leave it blank if you have just one adapter, like eth0; it also asks about nat, leave at default NO if in doubt; you may run the config again at later time if you need with "noip2 -C"; you may now want to run sysvconfig to certify it will run automatically upon bootup; or you may navigate trough webmin "system>bootup and shutdown", which is very pleasant also; see following step;

• install sysvconfig: "apt-get install sysvconfig", enter; now run it: "sysvconfig", enter , now choose "enable/disable", ensure that noip2 is checked; also ensure webmin is checked if you want it; back to the main screen, hit "finished" to save; exit it;

• Now we´ll suggest the first thing really useful so far: inspect our system logs, and watch carefully for any warnings, errors, or messages that may indicate some particular problem so far; if we notice something unusual, we´ll be googleing and fixing that before we proceed; Under past installations, i have noticed errors regarding "shared memory" in the ubuntu clean install, far before installing zoneminder; so if you have a problem that you know for sure is not zm´s, you´ll help yourself googleing that in the right foruns; expect many false alarms, but be sure that they are only false alarms or get to know what they are; inspect syslog with "less /var/log/syslog", scroll it down with pgdown, and inspect from the end to start direction, if you wish; expect lots of " (...) /USR/SBIN/CRON[2859]: (root) CMD (...)" as normal (its just cron doing its jobs;); i also particulary found some warnings regarding "codecs not valid", they are inofensive to me; at this point i was happy that i did not have any "memory" or important issues; type "q" to quit less utility; now we´ll be inspecting apaches error log: "less /var/log/apache2/error.log" to do that; it had nothing wrong in it; just for completeness, i rebooted and checked them once again to be sure; to watch the logs in real time while you do some stuff, you may use "watch --i 0 tail -n 15 /var/log/syslog", for example, to watch syslog last 15 lines; i also like to watch uptime or top to check cpu and mem loads;

• ensure you had your capture card recognized, or dont bother if you are lucky enough to have some of those axis ip cams that still cost too much down here; the so-called Pico2000 bt878 based cards are automatically recognized by the relatively newer kernels, including ours; lets be sure in case; an existing /dev/videoX directory is a first good thing to see, and other good expected outputs are as follows:

root@amdcctv-ub904:~#
root@amdcctv-ub904:~# find /dev -name video*
/dev/video0
/dev/.udev/names/video0
root@amdcctv-ub904:~# lspci -v | grep Multimedia
00:0b.0 Multimedia video controller: Brooktree Corporation Bt878 Video Capture (rev 11)
00:0b.1 Multimedia controller: Brooktree Corporation Bt878 Audio Capture (rev 11)
00:11.5 Multimedia audio controller: VIA Technologies, Inc. VT8233/A/8235/8237 AC97 Audio Controller (rev 60)
root@amdcctv-ub904:~#
root@amdcctv-ub904:~# lsmod | grep bt
bttv                  172116  0
videodev               41472  1 bttv
ir_common              52228  1 bttv
compat_ioctl32          9344  1 bttv
i2c_algo_bit           14084  1 bttv
v4l2_common            20864  1 bttv
videobuf_dma_sg        20484  1 bttv
videobuf_core          26372  2 bttv,videobuf_dma_sg
btcx_risc              13064  1 bttv
tveeprom               20100  1 bttv

• one more system updating and cleaning, just to be sure: "apt-get update" ... "apt-get upgrade" ... "apt-get clean" ...

root@amdcctv-ub904:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@amdcctv-ub904:~#
root@amdcctv-ub904:~# apt-get clean
root@amdcctv-ub904:~#

• now i consider i am prepared to be starting zm related stuff;

ZM installation

Changes for Lib Paths

echo "/usr/local/lib" > /etc/ld.so.conf.d/ffmpeg.conf
echo "LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH" >> /etc/bash.bashrc
echo "export LD_LIBRARY_PATH" >> /etc/bash.bashrc
ldconfig

Install All Prerequisites

• some may be already installed depending on what you did so far;

aptitude install build-essential linux-headers-`uname -r` automake perl libnet-ssleay-perl openssl libauthen-pam-perl \
libpam-runtime libio-pty-perl libmd5-perl libmysqlclient15-dev \
libarchive-zip-perl libdate-manip-perl libdevice-serialport-perl libjpeg62 libjpeg62-dev libmime-perl libstdc++6 libwww-perl \
zlib1g zip unzip patch ntp openssl libpcre3-dev libssl-dev libjpeg-progs libcurl4-gnutls-dev munin munin-node libmime-lite-perl \
netpbm libbz2-dev subversion

by this time, it gave me:

The following NEW packages will be installed:
  autoconf{a} automake autotools-dev{a} binutils{a} build-essential comerr-dev{a} defoma{a} dpkg-dev{a}
  fontconfig{a} fontconfig-config{a} g++{a} g++-4.3{a} gawk{a} gcc{a} gcc-4.3{a} ghostscript{a} ghostscript-x{a}
  gs{a} gsfonts{a} libarchive-zip-perl libbz2-dev libc6-dev{a} libcairo2{a} libconvert-binhex-perl{a}
  libcups2{a} libcupsimage2{a} libcurl4-gnutls-dev libdate-manip-perl libdatrie0{a} libdevice-serialport-perl
  libdirectfb-1.0-0{a} libemail-date-format-perl{a} libfontconfig1{a} libfontenc1{a} libfreetype6{a}
  libgcrypt11-dev{a} libgnutls-dev{a} libgomp1{a} libgpg-error-dev{a} libgs8{a} libice6{a} libidn11-dev{a}
  libio-multiplex-perl{a} libio-stringy-perl{a} libjpeg-progs libjpeg62 libjpeg62-dev libkadm55{a}
  libkrb5-dev{a} libldap2-dev{a} libmime-lite-perl libmime-perl libmime-tools-perl{a} libmime-types-perl{a}
  libmysqlclient15-dev libneon27-gnutls{a} libnet-cidr-perl{a} libnet-server-perl{a} libnet-snmp-perl{a}
  libnetpbm10{a} libpango1.0-0{a} libpango1.0-common{a} libpaper-utils{a} libpaper1{a} libpcre3-dev
  libpcrecpp0{a} libpixman-1-0{a} libpng12-0{a} librrd4{a} librrds-perl{a} libsm6{a} libssl-dev
  libstdc++6-4.3-dev{a} libsvn1{a} libsysfs2{a} libtasn1-3-dev{a} libthai-data{a} libthai0{a} libtiff4{a}
  libts-0.0-0{a} libxcb-render-util0{a} libxcb-render0{a} libxfont1{a} libxft2{a} libxrender1{a} libxt6{a}
  linux-headers-2.6.28-11{a} linux-headers-2.6.28-11-server linux-libc-dev{a} m4{a} make{a} munin munin-node
  netpbm ntp pkg-config{a} psfontmgr{a} rrdtool{a} subversion ttf-dejavu{a} ttf-dejavu-core{a}
  ttf-dejavu-extra{a} unzip x-ttcidfont-conf{a} xfonts-encodings{a} xfonts-utils{a} zip zlib1g-dev{a}
0 packages upgraded, 108 newly installed, 0 to remove and 0 not upgraded.
Need to get 62.2MB of archives. After unpacking 232MB will be used.
Do you want to continue? [Y/n/?]

go ahead; 10 minutes estimated under 1Mb dsl; now i am going to reboot just because i want to; after reboot, i did the "apt-get update" "apt-get upgrade" "apt-get clean" thing again; at this time, the "apt-get clean" took some more time, what makes me think i am not crazy at all;

Install Perl Modules

type "perl -MCPAN -e shell", enter
(accept yes when prompted)


type "install CPAN", enter
(accept yes when prompted)
type "exit", enter


type "perl -MCPAN -e shell", enter
type "install YAML PHP::Serialization Module::Load X10::ActiveHome", enter
(accept yes when prompted,and yes again to fix dependencies problems if so)
type "exit", enter

FFmpeg & ZoneMinder from SVN

Install FFmpeg

cd /usr/src

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg

(in the end it gave me "Checked out external at revision 29318 - Checked out revision 18890",
so i will have a note of it for future reference if i ever need, i hope i dont need tough;)

cd ffmpeg

echo "Checked out external at revision 29318 - Checked out revision 18890" > xxx_SVN_info.txt

./configure --enable-gpl --enable-shared --enable-pthreads

make
(this compiling took more than 10 minutes, and at some points i thought something went hung, but not)

make install
(this took 5 seconds at most)


make install-libs
(that was fast too, and no error messages, only codes and codes)


cd /lib

ln -s /usr/local/lib/libswscale.so.0
ln -s /usr/local/lib/libavformat.so.52
ln -s /usr/local/lib/libavcodec.so.52
ln -s /usr/local/lib/libavutil.so.50
ln -s /usr/local/lib/libavdevice.so.52

(all commands ran smooth, no broken symbolic links so far)

Install & Config ZoneMinder

cd /usr/src
svn co http://svn.zoneminder.com/svn/zm/trunk zm
(took about 2 minutes, and in the end it gave me "Checked out revision 2887", so i will note it down for reference;


cd zm

echo "Checked out revision 2887" > xxx_SVN_info.txt


./configure --with-webdir=/var/www --with-cgidir=/usr/lib/cgi-bin ZM_DB_HOST=localhost ZM_DB_NAME=zm ZM_DB_USER=zmuser \
ZM_DB_PASS=zmpass --enable-debug=yes --with-webgroup=www-data --with-webuser=www-data

(that took no more than 1 minute, and in the end it gave me "checking for scripts/ZoneMinder/Makefile... no
Checking if your kit is complete... Looks good - Writing Makefile for ZoneMinder)

autoconf
(ok, outputs nothing here)

automake

(now this automake gave me an error that i did not ignore, i just executed "aclocal", and then "automake" again, and yes, its was fine ! see below the error and the workaround)

configure.ac:3: version mismatch.  This is Automake 1.10.2,
configure.ac:3: but the definition used by this AM_INIT_AUTOMAKE
configure.ac:3: comes from Automake 1.9.6.  You should recreate
configure.ac:3: aclocal.m4 with aclocal and run automake again.
root@amdcctv-ub904:/usr/src/zm#
root@amdcctv-ub904:/usr/src/zm#
root@amdcctv-ub904:/usr/src/zm# aclocal
root@amdcctv-ub904:/usr/src/zm#
root@amdcctv-ub904:/usr/src/zm# automake
root@amdcctv-ub904:/usr/src/zm#
root@amdcctv-ub904:/usr/src/zm#


(now, the most important step, that takes about 3 minutes compiling)

make


(so far so good, lets now create the initial db; when prompted, use the **root MySQL** password you created before;)

mysql -u root -p < db/zm_create.sql
(no output after entering the password means no problem)


mysql -u root -p
(after entering your mysql root password, you will be taken to the mysql shell)


grant select,insert,update,delete on zm.* to 'zmuser'@localhost identified by 'zmpass';
(that gave me "Query OK, 0 rows affected (0.00 sec)", wich means no problem too)


quit


make install
(that took not even 5 seconds, and we are now comming to an end)

Post Install

Install cambozola.jar

cd /usr/src
wget http://www.charliemouse.com:8080/code/cambozola/cambozola-latest.tar.gz
tar -xzvf cambozola-latest.tar.gz
cp cambozola-0.70/dist/cambozola.jar /var/www
(all should run smooth)

Remove existing index.html

rm /var/www/index.html

Make sure ZoneMinder starts automatically

nano -w /etc/init.d/zm

#!/bin/sh
# description: Control ZoneMinder as a Service
# chkconfig: 2345 99 99

# Source function library.
#. /etc/rc.d/init.d/functions

prog=ZoneMinder
ZM_PATH_BIN="/usr/local/bin"
command="$ZM_PATH_BIN/zmpkg.pl"

start() {
        echo -n "Starting $prog: "
        $command start
        RETVAL=$?
        [ $RETVAL = 0 ] && echo success
        [ $RETVAL != 0 ] && echo failure
        return $RETVAL
}
stop() {
        echo -n "Stopping $prog: "
        $command stop
        RETVAL=$?
        [ $RETVAL = 0 ] && echo success
        [ $RETVAL != 0 ] && echo failure
}
status() {
        result=`$command status`
        if [ "$result" = "running" ]; then
                echo "ZoneMinder is running"
                RETVAL=0
        else
                echo "ZoneMinder is stopped"
                RETVAL=1
        fi
}

case "$1" in
'start')
        start
        ;;
'stop')
        stop
        ;;
'restart')
        stop
        start
        ;;
'status')
        status
        ;;
*)
        echo "Usage: $0 { start | stop | restart | status }"
        RETVAL=1
        ;;
esac
exit $RETVAL

Make /etc/init.d/zm executable:

chmod 755 /etc/init.d/zm

• Use "sysvconfig" to enable ZoneMinder, remembering to hit "finished" to save, not just quiting right away)

• guess what, i will reboot again; i admit i like it;

final testings and procedures

• time to check our system logs; besides cron jobs doing their jobs, the good news are:

May 21 15:35:54 amdcctv-ub904 zmdc[2765]: INF ['zmfilter.pl' started at 09/05/21 15:35:54]
May 21 15:35:54 amdcctv-ub904 zmdc[2743]: INF ['zmfilter.pl' starting at 09/05/21 15:35:54, pid = 2765]
May 21 15:35:54 amdcctv-ub904 zmdc[2768]: INF ['zmaudit.pl -c' started at 09/05/21 15:35:54]
May 21 15:35:54 amdcctv-ub904 zmdc[2743]: INF ['zmaudit.pl -c' starting at 09/05/21 15:35:54, pid = 2768]
May 21 15:35:54 amdcctv-ub904 zmfilter[2765]: INF [Scanning for events]
May 21 15:35:54 amdcctv-ub904 zmdc[2770]: INF ['zmwatch.pl' started at 09/05/21 15:35:54]
May 21 15:35:54 amdcctv-ub904 zmdc[2743]: INF ['zmwatch.pl' starting at 09/05/21 15:35:54, pid = 2770]
May 21 15:35:55 amdcctv-ub904 zmwatch[2770]: INF [Watchdog starting]
May 21 15:35:55 amdcctv-ub904 zmwatch[2770]: INF [Watchdog pausing for 30 seconds]
May 21 15:35:55 amdcctv-ub904 zmdc[2773]: INF ['zmupdate.pl -c' started at 09/05/21 15:35:55]

• very good result ! now, lets access the web interface; as i have mentioned, i need to change the http port because my isp blocks port 80:

1- backup and edit /etc/apache2/ports.conf with nano, then change both "NameVirtualHost *:80" and "Listen 80" to the new port we may need;

2- backup and edit /etc/apache2/sites-enabled/000-default with nano, and change "<VirtualHost *:80>" to reflect the new port;

3- restart apache a la red hat way: "service apache2 restart"; yes, it restarted with no complains !

• time for the truth: point our firefox browser to the no-ip address from the wan side or the fixed ip from the lan side:

http://xxxx.no-ip.com:pppp/index.php (where pppp is the new apache port, if so)

• Now lets secure our zm install right away; navigate to options > system and check OPT_USE_AUTH, change AUTH_HASH_SECRET, save; now restart zoneminder from the web interface or from the putty, like "service zm restart", enter zm interface again, use admin/admin as the default, navigate to options > users (the last new tab), and i suggest you change the username AND the password, not only the password; save, close, restart zm again, logout and login with new account;

• lets have one of my analog cameras to work with the Pico2000 capture card: first go to option > config and disable V4L_MULTI_BUFFER; then restart zm, add a new monitor, choose a preset (or for example i have accepted all defaults and just changed the source tab to: /dev/video0 , video_for_linux_version_1, channel 0, ntsc, yuv422p, 320, 240, > save; (there are lots of presets available)

• if you want, there are dozens of open ip cams for a initial test also; google "public ip cams" or refer to http://www.webcamxp.com/publicipcams.aspx for example; (by open i mean no password protection, altough no one authorized it´s use, so behave like a good guy and consider varying them on your tests to save upload for an individual cam)

• you may need to logout and login again, even after restarting zm, because if not the system may "remember" your last session, and the user wont authenticate zms processes, giving syslogs somethings like "zms[1234]: ERR [Unable to authenticate user]"; just then, click the monitor id to watch it; it really worked for me just like that, with IE6, IE7, and FF3.0.10, without any need of aditional plugins or whatever;

• End up making with a final reboot, and further log inspections, this time with the new camera already configured; during that last inspection, my syslog complained about "console-kit-daemon[2907]: WARNING: cannot initialize libpolkit, some functionality will not be available"; im not worried with that by now, i beleave it may be fixed in a future "apt-get upgrade";

extra configurations

Mail Server integration

Altough we have an Ubuntu server enabled with postfix that may send emails without the help of an external ISP, i prefer to use my ISP SMTP account to do that, because sending emails from (my) dynamic IP (that doesnt resolve to a FQDN, and other things) usually gets rejected by 99% of the providers; I have referenced from http://anothersysadmin.wordpress.com/2009/02/06/postfix-as-relay-to-a-smtp-requiring-authentication/ to do this:

use external isp to send emails

IF you have chosen MAIL during install-time and followed the suggested steps, it should be exactly like this: (or if you installed postfix later and chose "internet site" it must to be the same)

• backup and edit postfix configuration: "cd /etc/postfix", enter; "cp main.cf bkp_original_main.cf", enter, "nano main.cf" enter , **remove** the line that says "relayhost = " (next to the end of the file) and *ADD* the following lines to the end:

#### ADDED BY HAND TO USE MY ISP SMTP ACCOUNT WHEN SENDING EMAILS ####
relayhost = [smtp.XXXCHANGETHISXXX.com]
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl-passwords
# smtp_sasl_mechanism_filter = digest-md5 # enable if your isp supports this

• Now, create a file to store your user account data from your paid ISP: type "nano /etc/postfix/sasl-passwords", enter, and paste/edit the following:

[smtp.xxxxxxxx.com] yourusername:yourpassword

• compile the map file: type "postmap hash:/etc/postfix/sasl-passwords", enter; (expect no output)

• restart postfix with "service postfix restart";

• test email sending: if you've never done that from command line: type "mail test@test.com", enter, enter subject, enter, type the message, hit CTRL+D, hit enter again for the CC field, and thats it! now look at the tail of syslog, ("tail /var/log/syslog") and expect something good like below; the email is now on its way in the wires and airwaves, and we're done;

May 24 22:56:35 amdcctv-ub904 postfix/pickup[5304]: 8A63F42487: uid=0 from=<root>
May 24 22:56:35 amdcctv-ub904 postfix/cleanup[5762]: 8A63F42487: message-id=<20090525015635.8A63F42487@amdcctv-ub904.xxxxxx.com.br>
May 24 22:56:35 amdcctv-ub904 postfix/qmgr[5306]: 8A63F42487: from=<root@amdcctv-ub904.xxxxxx.com.br>, size=365, nrcpt=1 (queue active)
May 24 22:56:36 amdcctv-ub904 postfix/smtp[5764]: 8A63F42487: to=<xxxxx@xxx.com>, relay=smtp.xxxxxx.com.br[0.0.0.0]:25, delay=0.79, delays=0.1/0.04/0.3/0.34, dsn=2.0.0, status=sent (250 ok 1243216596 qp 4272)
May 24 22:56:36 amdcctv-ub904 postfix/qmgr[5306]: 8A63F42487: removed

ZM email and filter config

• under zm interface, go to options > email, and have a look/start with my suggested config found in the picture below; note that EMAIL_HOST may remain cool at "localhost", because we have already prepared postfix as we wanted for the system as a whole; > save

• The important wildcards that will do the trick to include in the EMAIL_BODY are:
  •  %EI1% - Attachs first alarmed event image.
  •  %EIM% Attachs (first) event image with the highest score.
  •  %EV% Attachs event mpeg video. (I prefer images because of file size, and have not tested this)

• adjust your email/upload filter considering that only a few(important) events should match it, according to the server connection speed; also avoid uploading or emailing videos, or worse than having your mailbox full or paused by your isp, you may end up not being able to access your server from the "outside" because your bandwidth is already compromised; (on my 1Mb dsl, when i´m watching the montage view with 4 cams on 320x240, with 50% of quality (options>images>JPEG_STREAM_QUALITY), im hardly able to ssh or webmin my server; i have to stop the montage and wait 2 seconds at least, and thats without mentioning emailing or ftp'ing!); of course not if you´re only interested on the lan side efficiency...

• create a new filter to your needs: on the main zm page, click filters; (note that already have one filter pre-configured, that purges events when disk is almost full, leave it as is and create a new one! (really needed or the server may collapse without space to think, work)) notice: it is pre-configured, but not pre-activated to run in background, so if you want select this filter, click save, and check "Run filter in background", save;

• (optional) options > system > set FILTER_EXECUTE_INTERVAL to 10 , according to the context help: "ZoneMinder allows you to save filters to the database which allow events that match certain criteria to be emailed, deleted or uploaded to a remote machine etc. The zmfilter daemon loads these and does the actual operation. This option determines how often the filters are executed on the saved event in the database. If you want a rapid response to new events this should be a smaller value, however this may increase the overall load on the system and affect performance of other elements."

• (optional) send an important image by email automatically, based on the event total score; see the FAQ if needed to understand zm statstics; for example: || total score || greater than || 10 ||, check "Email details of all matches" > save (do **not** click submit or you will get all existent events that match the filter to be mailed to you; actually, we just want the new events from now on...);

• play around with the filters' infinite possibilities;

• restart zm whenever you edit any filter with "service zm restart" to force the reload of filters now (or you will have to wait up to 300 seconds that is the default, but can also be changed);

Creating a custom skin to your mobile

ZM new version supports creation and customization of skins, for example, for your specific mobile

Even if you dont own a newer smartphone or palm to be able to watch live streams, you may have your old web-enabled mobile to view still images refreshed manually, a simple montage view, access to last events and much more; In the foruns there are many tweaks for specific mobiles/palms/smartphones/etc....

• check if the default mobile skin is suitable for you: point the browser to your zm mobile skin: http://xxxx.no-ip.com:pppp/(zm)/index.php?skin=mobile

• if you need to create a custom skin, use the "mobile" as a basis and modify to your needs: "cd /var/www/skins/", and copy the whole dir structure to , for example, "cp -ar ./mobile ./nokia", enter and after that, use skin=nokia, if so; then you can modify the skin.php or the files inside /skins/nokia/views if needed, leaving the default zm files intact, so that you dont even need to make a backup of them because you are just modifying your own skin !!!.

• When you dont express what skin you want, the system defaults to skin=classic, unless you have set your web server to redirect selectively to a custom skin based on the browser; for example: in my case, apache recognizes my mobile browser as "Nokia5610d" and redirects to skin=nokia; Once you access a skin, zm intelligently use cookies to keep your preferences;

TODO

* smtp tweak so that i use my own isp account to send mail from my server, because sending mail directly from a dynamic ip gets considered spam by 99% of providers;

* config zm to send hi-score images of events to my email as attachments, so that if some burglar breaks into my soho, he may take my computer but i will still have the "last shots" before that in my mail;

* config a new mobile skin (/index.php?skin=mobile) customized to my nokia phone, so that i can view still images from everywhere, thats really very impressive when you show that to people;

exporting videos

• Pending: To export a video, click an event name or id to watch it, then click export > check "Export Video Files (if present)" > choose .zip or .tar, and click export; unfortunately for me, the .tar file got created, but was empty, and the .zip, was not created at all; i have seen it before, must to be something related to ffmpeg path.... exporting image files worked normally though;

Additional suggested softwares

• 3rd party (but open source) software to stream/watch zoneminder/events/etc: http://sourceforge.net/projects/jzmconsole/ (also http://jzmconsole.securitykit.net/ ) and http://sourceforge.net/projects/zmviewer ;

• install lmsensors, and watch it if you´re gonna have a common computer turned on for longer period that it was initially prepared; (or make a custom script to shutdown in case of cpu overheat or fan problematic speed); a hi-quality powersupply like SEVENTEAM or THERMALTAKE is suggested for the cpu; (apt-get install lmsensors)

• have your firewall configured with simple rules, at least; check http://manpages.ubuntu.com/manpages/jaunty/en/man8/ufw.8.html

• install phpmyadmin; (apt-get install phpmyadmin)

• install samba server or client upon need;

• install a proxy to force a firewall and provide cache to the lan-side of your network, or soho; (**only** if you have a reasonable server, or all youre gonna get are exceeded help-desk tickets); check http://www.squid-cache.org/

• install a pbx open source solution, namely asterisk; check http://www.asterisk.org/

• install a open-source anti-virus to watch shared samba storages; check http://www.clamav.net/

• run a nmap search from another computer to learn about vulnerabilities on your server/network; install simply by apt-get install nmap or have a visit at http://www.insecure.org and http://www.nmap.org to get some examples;

• watch your logs;

• backup this system state so far, with something like ghost, so that that you can restart from *here* and not from the beginning if needed, or simply take a snapshot if under a vitualizated machine;

• configure a self-signed ssl certificate, and then prepare apache to have virtual redirections to each dir upon your will; for example, you may force some important web directories, like /var/www/ or /var/www/intranet to require SSL with "RequireSSL" directives in htaccess files; and also, remember that htaccess files are useful but if you have the root access to the server, you dont need to rely on the htaccess; you may create a top-level apache rule into its own config, wich i judge safer;

• much more: check http://ubuntuguide.org/wiki/Ubuntu:Jaunty

troubleshooting

• Ubuntu questions: check https://answers.launchpad.net/ubuntu or google what you need;

• ZM Questions: first serch the FAQ or search the foruns on http://www.zoneminder.com/forums/

Desktop over server consideration

This walkthrough targets a server stable install, without any desktop at all;

Its suggested to have your system up and running for days if possible, watch it, and not to install a bunch of packages at a time, namely "desktop" packages; for example, on many situations before when i have installed one of the ubuntu desktops by "apt-get install ubuntu-desktop", or "apt-get install kubuntu-desktop", or "apt-get install xubuntu-desktop" over a server deployment, i ended up with different kernels, multiple insane choices under my boot menu, and different sort of odd things when needing to compile something, including zm source; well, it may be not a problem for you, but i admit it really is for me; if in doubt checkout those links that report that even the kernel interrupt timer is different between the server and the desktop editions:

• http://www.ubuntu.com/products/whatisubuntu/serveredition/features
• http://www.ubuntu.com/products/whatisubuntu/serveredition/features/kernel

If a desktop is needed, i suggest you install from desktop cd from the beginning; as a last resource over the server, i would suggest xubuntu-dekstop, that uses xfce window manager, which is very lightweight and efficient;

wishlist

• have zoneminder not to write events to syslog, only to its own log files (yes, its on the faq and should be easy, but still didnt get a clean or safe way to do it)

• A script to make the server interact with usb or serial no-breaks so that it forces itself a "graceful" shutdown some minutes before the battery goes out;
  • under ubuntu website, http://www.ubuntu.com/products/whatisubuntu/serveredition/netinfra , i found a clue: "(...) Network UPS - Because power is not always always available continuously, Nut permits the sharing of one (or more) UPS between several machines. One server monitors the UPS and notifies the other servers connected to the same UPS when the UPS is on or has a low battery, allowing them to smoothly shutdown before complete loss of power, thus avoiding critical data loss that could occur otherwise.(...)"
  • in the end it seems to be a question of trying and having some hours: http://keystoneit.wordpress.com/2006/09/25/network-ups-tools-nut-on-ubuntu/ or http://www.engadget.com/2006/07/25/how-to-network-your-ups/

• A step-by-step guide to control external devices with linux (usb preferentially) transforming our rig not only in a cctv server, but also a complete alarm and domotics controller)

• A script under a cronjob to watch the cpu temp and fan speeds with the standard output of lmsensors and arrange the needed actions;

• make a donation to the zm keeper;

comments

• please send comments or suggestions to henrique [at] softlivre [.] com [.] br or use the Talk:Ubuntu_9.04_server_32bit