I’m planning to set up a CCTV system to watch around a building. Anybody running Shinobi or something? And if so, what hardware are you using? I bought some cheapo v380s but the ones I got are honestly hot garbage.
It’s not the cheapest, but I have had very good luck with Synology. Works with almost every camera on the market, including everything that supports ONVIF or RTSP. Good client software for web, desktop, and mobile. Has tons of tweaks and features.
I second this. Good things to know include:
-
Each Synology NAS comes with Surveillance Station licenses for 2 cameras. You can use any 2 compatible cameras. You can switch out cameras for new ones, as long as it’s just 2.
-
If you need more than 2 cameras you can buy additional license pack bundles to add different numbers of cameras. These additional licenses are tied to that Synology NAS box. My understanding is that you can’t take them with you to a new NAS. This isn’t a problem for most people (who are gonna use that NAS for 6-10 years), but it is good to be informed when you’re making platform choices.
You can transfer licenses to a new NAS, as long as you have the license code. Just de-activate it on old box and activate it on new box.
See this link on their site for more info.
What you CAN’T do is split licenses. So if you buy the 8-pack, you can’t put 4 on one NAS and 4 on another NAS.
You also CAN’T combine the built in license. So the NAS comes with 2 licenses- you can’t remove those 2 from one NAS and apply them to another.Ah, thanks! I misunderstood, and that’s good to know. :) Useful to know for future upgrades as well.
-
I built a box with a standard PC case and a xeon v2 wfor zoneminder, and just slapped a second hand hyper 212 evo on there
I would say go for a v4 over the v2 because the efficiency is much better. You will probably just want 1 core per camera + a few to account for OS + container overhead, so more cores + efficiency is better here
I have some crappy reolink cameras through a unmanaged POE switch, up to a managed switch (cheapo tp link gigabit) so the camera and NVR are on one VLAN. I set some firewall rules in my eouter (edgerouter x) to let me connect to the NVR but block the cameras. Not ideal, but it works.
Perhaps better would be to use a NIC and connect directly to the unmanaged switch so there’s no need to VLAN, but I’m not using this for anything crazy, and i can still get gigabit speeds to the NVR
Also using a used enterprise 6tb drive for storage. Works fine and has been going strong for a year. They’re a fraction of the cost of a new drive, and are usually pulled well before theyre ready to fail
I take it zoneminder doesn’t support HW acceleration? Frigate uses very little CPU due to running OpenVINO and VAAPI, but I don’t think it supports hardware as old as the Xeon v4
It uses ffmpeg so you could use hardware acceleration, but I just have it recording 4 cameras direct to disk and decoding the substreams for restreaming to a monitor elsewhere
That being said, zoneminder is all kinds of jank and a bit slow
Blue iris works quite well for me
I’m using raspberry pi zeros with motioneyeOS 😜 not the best hardware, but gets the job done on a budget
Got a bunch of IP2M-841W and zoneminder, was kind of a pain to setup but it’s working fine now. Zoneminder is virtualized on some cheapo hardware that was laying around.
I had a look at a bunch of different software platforms and settled on Blue Iris. It takes some tweaking but it’s cheap and has a heap of different configuration options. That being said, the surveillance station stuff in Synology NAS drives is really good too. Very plug-and-play.
I’ve tried motioneye, zoneminder, shinobi cctv, blue iris, and frigate NVR.
I couldn’t get motioneye to work, but I’ll blame on me being a noob (especially at the time).
Zoneminder was stable but the UI is a bit weak and it doesn’t have person detection to my knowledge. You can get around the UI by using homeassistant as a front end.
Shinobi cctv has the best UI, but I found it to be a buggy mess, person detection was difficult to implement, and it didn’t play nice with homeassistant.
Blue iris is solid, but requires a license and windows. I have the least experience with it, but it seemed decent.
Ultimately, I landed on frigate NVR and it’s my favorite so far. Its very solid/stable, has built in object/person detection with simple support for hardware acceleration, and UI is simple but passable. Personally, I use homeassistant as a front end for WAF, but the built in UI isn’t bad and shows all your person detection events. Also, compared to all the above, configuration is done through a text file. While this may seem daunting at first, the manuals are very good and it becomes copy paste after the first camera (makes backups easy too).
For hardware, frigate has recommendations on their site. A cheap PC will do the job with ideally an Intel processor for hardware acceleration. For cameras, I’ve had the best luck with amcrest. Just make sure you throw whatever cameras you get on their own restricted vlan with no internet access. Feel free to reach out if you have any other questions.
was looking to setup frigate, what hardware are you using? trying to avoid hikvision or anything with known backdoors
I’m running an unraid server with a frigate docker. For cameras, I use amcrest. Either way, back doors shouldn’t be a concern if you have them on an isolated VLAN with no connection to the internet or other vlans. Frigate will just need access to the cameras.
Backdoors don’t really matter since the cameras are isolated to local only, and can only talk to the NVR.
any vulnerability is a risk i want to avoid, hikvision as a security camera company doesn’t care about security.
https://packetstormsecurity.com/files/166334/Hikvision-IP-Camera-Backdoor.html
But if they don’t have access to Internet, as others have said, there’s nothing a backdoor can do.
chances are you don’t have NAC setup on your home network, and even if you do that can be bypassed. mitigating risk means you accept the least amount of it. a company that’s comfortable with built-in backdoors is unacceptable.
https://learningnetwork.cisco.com/s/blogs/a0D3i000002SKPREA4/vlan1-and-vlan-hopping-attack
First of all, I’m no cyber security expert. If the devices don’t have access to Internet, how can they do a VLAN hopping? They’re not “intelligent” devices that can act by their own.
About the first link, just avoiding Cisco switches seems to solve the problem (please correct me if I’m wrong). About the second link, I’ve got a question, is VLAN hopping a real threat, can it really happens nowadays?