Zoneminder and Asterisk
Micro Howto
02 April 2006
Author: yoonix
----------------------------------
Quick and Dirty:
First I'm not going into the details of setting up Zoneminder. Nor am I going into the details of downloading Asterisk sources, and compiling Asterisk.
The setup I'm describing is a single Linux box (We used FC3 with all yum updates) with Zoneminder installed and configured with at least one local camera setup for motion detection. After this camera is configured in Zoneminder, and you have your zones performing where you are satisfied with the ratio of false/true alarms, then download the Asterisk sources and install.
The particular FC3 boxes we setup don't have any telephony interface devices installed. For our purposes we didn't need them on the ZM/Asterisk box.
I'll explain.
My organization is headquartered in two offices in the US. These offices contain our Network Ops Center and Security Center. The organization also has small data centers located in 30 or so countries around the world. Some of these data centers are very small, and we tend to do most admin (on the smaller centers) remotely. We were required to place some active security in the smaller centers where no permanent company staff was located. We needed to be 'alerted' anytime someone was in the smaller centers, (unscheduled).
Both NOCs in the US have large VoIP 'hubs' running for the most part Asterisk. We have PSTN gateways, SMS gateways, Email, etc... Additionally we also have routed VPN connections from the NOC to all remote data centers.
In a practical sense, when someone enters a remote data center, ZM detects the motion. A ZM filter runs a script which causes the locally installed Asterisk PBX to 'Call' a predefined extension on one of the VoIP gateways in the NOC. Once the extension in the NOC 'answers", it places another call to a cell phone, pager service, SMS service, whatever...
So now we have a VoIP connection from the ZM box in a remote data center to an Admin's cell phone in the US. Once this is established, the Asterisk instance on the ZM box 'plays' a pre-recorded message notifying the Admin of the ZM alarm.
The Admin can then login to the ZM box through the VPN, or check his email for the standard ZM jpg or mpg email alerts, and deal with the situation.
This has proven <very> effective, with only 3 false alarms in the last six months. One 'false' alarm was caused when a light bulb burned out. The other two seemed to be caused by some sort of RF leaking into the video cables and causing the image to 'shimmer', thus triggering ZM.
---------------------------------
How it works:
For obvious reasons I'm not going to show our actual scripts and configs. So what I have here are the basic scripts and conf files needed to make one ZM filter 'talk' to Asterisk and place a call to a remote PBX. If you use a distro other than FC3, YMMV. Script security is an excercise for the reader.
These are the basics, so if you have nothing better to do - flame away!
First the script:
It is a bash script named 'testcall'
This script is located in /var/www/cgi-bin/ and must be executeable by apache.
///----SNIP----///
#!/bin/bash ## Standard Bash Declaration
cd /var/www/cgi-bin/ ## Make sure we know where we are in the file system
cp alarm.call /var/www/html/events/test.call ## Copy the dot call file Apache can get to it
chmod 777 /var/www/html/events/test.call ## Change permissions on the copy
mv /var/www/html/events/test.call /var/spool/asterisk/outgoing/ ## Move the copy to Asterisk's outgoing call spool
///----SNIP----///
Discussion of testcall:
Line one - Self Explanitory
Line two - Starting point in the filesystem
Line three - Copy a pre-defined Asterisk 'dot call' file to another location readable by Apache. The original 'dot call file is located in /var/www/cgi-bin/ and should NOT be executeable.
Line four - Make the copy of the 'dot call' file world readable/writeable. (Don't worry, this file is going to the electron dust-bin in milliseconds.)
Line five - 'MOVE' the 777'd 'dot call' file to Asterisk's outgoing call spool. ***DO NOT COPY IT!*** Asterisk is VERY aggressive in reading the outgoing call spool. Copying the file requires too much system time to write the copy to the spool. It is likley Asterisk will try to 'grab' the dot call file before the file is completely written and this causes problems. Executing a move (mv) simply changes the inode of the file to indicate it is now in Asterisk's outgoing call spool.
Now Asterisk reads the dot call file, executes the call and erases the file from the spool.
Next - The Asterisk 'dot call' file.
It is a file named 'alarm.call'
It is located in /var/www/cgi-bin/
It is readable by apache, and it belongs to the apache group.
///----SNIP----///
Channel: IAX2/username:password@XXX.XXX.XXX.XXX/18005551212
Callerid: Alarm
MaxRetries: 5
RetryTime: 300
WaitTime: 45
Context: default
Extension: 5555
Priority: 1
///----SNIP----///
Discussion of alarm.call
Line 1 - 'Channel:' is the extension you wish to call on the REMOTE PBX.
IAX2 = The native Asterisk protocol for Inter-Axterisk-eXchange calls. Use it rather than SIP. It is more tolerant of NAT.
/ = field separtor
username:password@XXX.XXX.XXX.XXX = The IAX2 URL of an account on a remote Asterisk PBX. This account MUST exist on the remote PBX, and is defined in the /etc/asterisk/iax.conf file. The address of the remote PBX can be in dotted decimal or a resolveable FQDN.
/ = field separtor
18005551212 = The PSTN telephone number or Extension you want the remote PBX to call. This must be a valid number on the remote PBX, and is defined in /etc/asterisk/extensions.conf file.
Line 2 - 'Callerid:' is the callerid you want your ZM box to pass to the remote PBX
Line 3 - 'MaxRetries:' How many times (plus the initial try) to try to place the call before giving up.
Line 4 - 'RetryTime:' How many seconds between retrys.
Line 5 - 'WaitTime:' How mant seconds to wait for an answer, once the remote extension starts ringing.
Line 6 - 'Context:' The local (ZM box) Asterisk context where the extension containing the message is located.
Line 7 - 'Extension:' The local (ZM) Asterisk extension where the message is defined.
Line 8 - 'Priority:' The priority (or step) in the extension to begin.
Again, it is assumed that you know how to setup a basic ZM install, and have some experience with Asterisk. For more details on Asterisk 'dot call' files go here -> http://www.voip-info.org/tiki-index.php ... o-dial+out
Last - The extension that contains the message.
This extension is defined in the /etc/asterisk/extensions.conf file located on the local Zoneminder box, not the remote PBX!
First, this example is VERY basic. Just enough to demonstrate the method. Asterisk uses 8khz GSM audio files by default. Creating your owm GSM files for Asterisk is trivial using Audacity (audacity.sourceforge.net) and sox (sox.sourceforge.net).
READ THIS!
This is a one extension context, and is not the complete '/etc/asterisk/extensions.conf file. It is just ONE context, containing ONE extension!
The context is 'default' (line 6 of the dot call file)
The extension is '5555' (line 7 of the dot call file)
///----SNIP----///
[default]
;
exten => 5555,1,Answer
exten => 5555,n,Wait(10)
exten => 5555,n,Background(alerttone)
exten => 5555,n,Background(ha/intruder)
exten => 5555,n,Background(ha/alarm)
exten => 5555,n,Wait(2)
exten => 5555,n,Background(ha/intruder)
exten => 5555,n,Wait(2)
exten => 5555,n,Background(ha/living-room)
exten => 5555,n,Background(ha/intruder)
exten => 5555,n,Background(ha/alarm)
exten => 5555,n,Wait(2)
exten => 5555,n,Background(ha/intruder)
exten => 5555,n,Wait(2)
exten => 5555,n,Background(phonetic/alpha)
exten => 5555,n,Background(phonetic/lima)
exten => 5555,n,Background(phonetic/alpha)
exten => 5555,n,Background(phonetic/romeo)
exten => 5555,n,Background(phonetic/mike)
exten => 5555,n,Background(alerttone)
exten => 5555,n,Hangup
;
///----SNIP----///
For those of you familiar with Asterisk this should be fairly simple to modify for you own needs. For those of you who are just getting into Asterisk, check out the latest (and greatest) Asterisk book here ---> www.oreilly.com/catalog/asterisk/
It is also available for download as a pdf.
Cheers,
yoonix
Getting ZM to call you using Asterisk - Micro Howto
excuse me if i came back to life a 2006 thread, but i have one simple question for this how to.
I create the 2 file and they works, becouse if i do "sudo sh testcall" my phone rings...
But i dont know what to write in the field "Execute command on all matches:"
I have to write "sh testcall" only?
i've tried on my system (ubuntu 9.04) and i put the file in /usr/share/zoneminder/cgi-bin/ but it not works!!!
can you help me?
thanks
I create the 2 file and they works, becouse if i do "sudo sh testcall" my phone rings...
But i dont know what to write in the field "Execute command on all matches:"
I have to write "sh testcall" only?
i've tried on my system (ubuntu 9.04) and i put the file in /usr/share/zoneminder/cgi-bin/ but it not works!!!
can you help me?
thanks
-
- Posts: 381
- Joined: Sat Jan 17, 2009 7:49 pm
- Location: Germany
It says the script must be executeable by apache, what are your permissions on that file? 755? I would also change the owner of the file , put the same owner as the other files in the cgi-bin directory.execcr wrote:excuse me if i came back to life a 2006 thread, but i have one simple question for this how to.
I create the 2 file and they works, becouse if i do "sudo sh testcall" my phone rings...
But i dont know what to write in the field "Execute command on all matches:"
I have to write "sh testcall" only?
i've tried on my system (ubuntu 9.04) and i put the file in /usr/share/zoneminder/cgi-bin/ but it not works!!!
can you help me?
thanks
For the execute command on all matches, try to put the file name of the script without the "sh". If that doesn't work, try with the full path (/usr/share/zoneminder/cgi-bin/...).
Let us know how it goes!
PB
To think that you've done a good scripts and configs on your PBX, the scripts and configs needed to make one ZM filter 'talk' to Asterisk and place a call to a remote PBX.. that sounds good..
_________________
Contact Center
_________________
Contact Center
-
- Posts: 184
- Joined: Tue Oct 14, 2008 5:59 pm
Code: Select all
To think that you've done a good scripts and configs on your PBX, the scripts and configs needed to make one ZM filter 'talk' to Asterisk and place a call to a remote PBX.. that sounds good..
Could you share the info how to make a script to 'talk' to Asterisk by the zmfilter ?
I was trying to do a script in zmfilter.pl but unsuccessfuly the script never ran, sure some problem with permissions.
How to make a permission to run it?
thanks.
J.
All good if asterisk is installed on the ZoneMinder Machine
Hi,
You method is all very good if Asterisk is installed on the same machine as ZoneMinder, Unfortunately that isn't the case with out set-up.
Asterisk currently runs on "cobra" and ZoneMinder runs on "zoneminder"
Here is a quick how-to on how I got zm to talk to asterisk (as with yoonix's post i am going to assume you have asterisk and zoneminder set up and working)
Script 1 is the same as "alarm.call"
This is placed in a dir of your choosing on the asterisk server, I chose /etc/asterisk/zm_event i also called my script zm.call
zm.call
Script 2 is on the zoneminder server and placed in a dir of your chosing, i put mine in /usr/share/zoneminder/cgi-bin
remember to chmod the script to 755 so that it can be executed
asterisk-alarm
For ssh to work you have to generate public/private ssh keys and copy the public key to the /user/REMOTEUSER/.ssh/authorized_keys file
To do this you have to su to www-data (as this is the user zoneminder exicutes the script as)
Step one is to make an .ssh folder for the www-data user and chown the folder to www-data (on my server /var/www was owned by root)
now you need to su to www-data and make the public/private ssh key
Remeber to just press enter on passphase else the script wont work (ssh will still need a password to open the key, defeating not using a password to connect)
Last thing you need to do is copy the key from id_rsa.pub to the authorized_keys file on the asterisk server (/home/[USER]/.ssh/) if the authorized_keys file doesn't exist, just create it
Now to test the script
The server might ask for you to add the RSA key fingerprint to the list of know hosts, just yes this and you wont get asked again
provided the user you have specified in the asterisk-alarm script is the same user that you placed www-data's rsa key it the authorized_keys's file everything should work
Feel free to msg me if you get stuck or need more bits explaining
Regards, Tom
You method is all very good if Asterisk is installed on the same machine as ZoneMinder, Unfortunately that isn't the case with out set-up.
Asterisk currently runs on "cobra" and ZoneMinder runs on "zoneminder"
Here is a quick how-to on how I got zm to talk to asterisk (as with yoonix's post i am going to assume you have asterisk and zoneminder set up and working)
Script 1 is the same as "alarm.call"
This is placed in a dir of your choosing on the asterisk server, I chose /etc/asterisk/zm_event i also called my script zm.call
zm.call
Code: Select all
Channel: SIP/212
Callerid: Alarm
MaxRetries: 5
RetryTime: 300
WaitTime: 45
Context: public
Extension: 700
Priority: 1
remember to chmod the script to 755 so that it can be executed
asterisk-alarm
Code: Select all
#!/bin/bash
remoteuser=<REMOTE>
remotecomputer=<SERVER>
ssh -l "$remoteuser" "$remotecomputer" "cd /etc/asterisk/zm_event/; cp zm.call zm-alarm.call; chmod 777 zm-alarm.call; mv zm-alarm.call /var/spool/asterisk/outgoing/"
To do this you have to su to www-data (as this is the user zoneminder exicutes the script as)
Step one is to make an .ssh folder for the www-data user and chown the folder to www-data (on my server /var/www was owned by root)
Code: Select all
$ cd /vaw/www
$ sudo mkdir .ssh
$ sudo chown www-data:www-data .ssh
Remeber to just press enter on passphase else the script wont work (ssh will still need a password to open the key, defeating not using a password to connect)
Code: Select all
$ sudo su www-data
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/www/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/www/.ssh/id_rsa.
Your public key has been saved in /var/www/.ssh/id_rsa.pub.
Now to test the script
Code: Select all
$ sudo su www-data ./asterisk-alarm
provided the user you have specified in the asterisk-alarm script is the same user that you placed www-data's rsa key it the authorized_keys's file everything should work
Feel free to msg me if you get stuck or need more bits explaining
Regards, Tom