ZoneMinder Forums

Hi,

Sorry if this has been asked before, but I've searched it in the forum and couldn't find anything helpful.

I'd like to upload the video stream to another machine very frequently, in case, for example, someone takes the machine with the camera away (and also for backup purposes). I prefer using scp instead of ftp, so I don't have to set a ftp server up and also because I've heard scp is safer than ftp . I'm thinking of creating a daemon that every 10 seconds looks at the mysql database to find out which are the last 10 seconds images, then uploads them using scp and authentication keys to the remote machine.

I don't know though how reliable that is, or if there's a better way. I think ideally this modification of Zoneminder should write the image and then immediately send it to the remote machine. Does anyone know a way to do this, or any better way to do what I'm trying to do? I'd like to avoid running scripts on the remote machine.

Another thing, I noticed anyone has access to the events simply by accessing http://<host>/events/, even without being logged on. Isn't that a security problem? This machine is going to be connected to a network and I only want specific users to be able to look at the events.

Thanks in advance.

you shouldnt be able to list the contents of the events directory unless you have that turned on in apache.

What about using rsync?
Just setup a rsync server on the end side, then put a cron task on your zoneminder box so that it syncs the events directory.
It's fast, and can be run through a ssh tunnel.

You can even sync in the other side if you prefer, i.e. put the rsync server on the zoneminder box and get the other box sync'ing to it.

James, how do I configure it so the events aren't accessible to anyone? My apache2 is fresh from an Ubuntu installation, the only thing I've changed was to let /var/www/zm be the document root. Right now the events are on /var/www/zm/events.

Kazer, I hadn't thought about rsync and it might be a good idea in general, but in my case I don't know if it would help much. I've never used rsync and I'm guessing this, but a scp of the images of the last 5-10 seconds should be faster than a rsync, and speed is important because I'd like it to be updated very frequently, every 5-10 seconds or so. Also, cron has a minimum of 1 minute.

I'm thinking of making Zoneminder send the image right after writing it, but I'd have to change the code or the perl scripts for that, and I don't know where to change.

Thanks.

i think that its in httpd.conf

You can create a script to scp your event files and just add it as a filter. Then it will be run each timer a matching event has completed.

sct wrote:James, how do I configure it so the events aren't accessible to anyone? My apache2 is fresh from an Ubuntu installation, the only thing I've changed was to let /var/www/zm be the document root. Right now the events are on /var/www/zm/events.

if you haven't already found it, you can restrict direct access on a per-directory basis using .htaccess as well as the .conf file.

look up .htaccess in a web search and you should be able to figure out the syntax. I haven't tried it though, so this may actually block valid access from zm if it simply passes direct urls to that events directory instead of reading it and spitting out the data through it's own processing url.

A semi-secure solution is to place an empty index.html in that directory. This will preclude people getting a list of links to the files, while permitting ZM to link you to one.

It's not *security*; anyone who can predict an event directory name will still be able to see it, but it raises the bar a bit.

Better, make that a redirect to the main screen. It will still only affect accesses to the raw directory, not the subdirs inside.