pyBEscanner

Ok ok, and if I set it like that : dayz-default, dayz-utes
Will it take the files of dayz-default and overwrite createvehicle.spamlist with the one of dayz-utes ?
 
No, it will use both of them. It will check them in the order they are defined in your servers.ini. Whether a match is found or not it will still continue to check all the spamlists, so it will be picked up by the dayz-default spam filter.
 
Note in regards to using multiple filters & spam rules.

If u have the exact same regex rule in multiple spam filters,
the last regex expression overrides the previous ones.

For Example
Filters setting in servers.ini = A, B

Filters A
4 1 BAN .
5 8 BAN ..

Filters B
10 10 BAN ..

End Result =
4 1 BAN .
10 10 BAN ..
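The override rule above, as an added Python 3 example (not pyBEscanner's own code and not part of the original post). It merges rule sets in servers.ini order and reports which rules were overridden; it assumes each rule line is three whitespace-separated fields followed by the regex, as in the A/B example.

```python
def parse_rules(text):
    """Split each rule line into its three leading fields and the regex after them."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Assumed layout: <field> <field> <action> <regex>; the regex may contain spaces.
        first, second, action, regex = line.split(None, 3)
        rules.append((regex, (first, second, action)))
    return rules


def merge_filters(order, filters):
    """Merge spam rule sets in servers.ini order; an identical regex is replaced
    by the last definition. Returns (effective_rules, shadowed)."""
    effective = {}   # regex -> (filter name, fields); dicts keep insertion order
    shadowed = []    # (regex, overridden filter, overriding filter)
    for name in order:
        for regex, fields in parse_rules(filters[name]):
            if regex in effective:
                shadowed.append((regex, effective[regex][0], name))
            effective[regex] = (name, fields)
    rules = [" ".join(fields + (regex,)) for regex, (_, fields) in effective.items()]
    return rules, shadowed


# The two filter sets from the post above.
FILTERS = {
    "A": "4 1 BAN .\n5 8 BAN ..",
    "B": "10 10 BAN ..",
}

if __name__ == "__main__":
    rules, shadowed = merge_filters(["A", "B"], FILTERS)
    print("\n".join(rules))
    for regex, old, new in shadowed:
        print("rule %r from %s is overridden by %s" % (regex, old, new))
```

Running it over your own filter sets before a change shows which rule in an earlier filter will silently stop applying.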
 
Hi Torndeco,

Can you give me some more details on how you manage the bans.txt

There is the default in Battleye/

And then you have the following:

Bans Directory = C:\DayZ Servers\pyBEscanner\bans

What is that directory for? Are we meant to place the bans file in there? I created the directory, but I can't see its use?

EDIT: ok, so you need to copy the ban.txt file into the directory. Might be worth mentioning that as it's not so clear looking at the config file. So is the bans.txt in Battleye/ now redundant or they work in parallel?
 
Just change Bans Directory to where your bans.txt is stored. Don't move your bans.txt out of its original folder as BE won't see it then. This option is only if you have symlinked ban files and in that case each BE's ban.txt should point to a "master" copy of the bans.txt; in this case C:\DayZ Servers\pyBEscanner\bans was chosen as a default.
 
Pretty much as k4n30 says...

The Bans Directory is just if u are using multiple servers + have your bans.txt symlinked together.
This way if u configure it, pyBEscanner knows it just needs to monitor 1 bans.txt file for changes.


-------------------
-------------------

Lets say u are running 3 servers
Servers A, B , C

And you didn't tell pyBEscanner the bans.txt files were symlinked together (blame windows permissions + me not wanting pyBEscanner to need admin rights)

pyBEscanner will read each servers bans.txt + store the bans in memory for each server.
Now when a player gets banned on Server B, the ban is added to bans.txt.
Next time pyBEscanner scans servers A+C it will notice the bans.txt file has changed, and will do a full rescan of bans.txt file to find out what the changes are to bans.

-------------------
-------------------

But by telling pyBEscanner the files are symlinked together, it only needs to use / monitor 1 ban file.
It will also be the directory where the pyBEscanner ban report file is created as well.
Personally i just looked @ the report file to see the latest bans, so i could review them + delete the file afterwards.
That way the report file only contained bans, i hadn't checked up on yet.

---------------------
---------------------

Since the server logs + battleye logs archived are located under
pyBEscanner/logs
I had a symlinked bans.txt file in pyBEscanner/bans/bans.txt
Just made more sense to me to have all the logs + bans under a directory, made my life easier when it came to banning / un-banning a player
 
Got you now, thanks for the explanation.

One point noted - the ban entries sometimes run over to lines without a wrap but a new line:



xxxxxaxxxxxxxxxxxxxxxxxxxxxxxx-1 17.01.2013 16:15:09: scriptkiddieon Dayz-2017
<ip-address> -1 17.01.2013 16:15:09: scriptkiddie on Dayz-2017

I am not sure if the new line with the IP will mean battleye trips up or is this for the IP ban?

One other observation; I see 'Disconnected!' occasionally (typically after a ban)
 
Edit:-
Code:
<guid> -1 17.01.2013 16:15:09: scriptkiddieon Dayz-2017
<ip-address> -1 17.01.2013 16:15:09: scriptkiddie on Dayz-2017

If that's what is in your bans.txt..
That's just a GUID ban + IP ban, they are basically 2 different bans for the same person.
So they need to be on separate lines.
There's an option to enable/disable IP banning if u like.


------------------
------------------

As for disconnect messages in console...

It's just standard output text from the C# app that connects to the server, issues a reloadbans command, and disconnects afterwards.
There is also another C# app for kicking players.
Source code or links for them are included in readme/github
 
Just out of interest what is the easiest (or standard way) to back track to the source of the ban?

So using the example above I see scriptkiddie is banned is there another reference point to show which violation they triggered?
 
pyBEscanner/logs
The directories are divided up by server / date

Normal Logs -- unedited, normal battleye logs
Action Logs -- log extracts that caused the ban / kick i.e *-bans.txt *-kicks.txt
Spam Logs -- log extracts that triggered a spam rule *-spam.txt

Unknown Logs -- log entries that aren't in whitelist / kicklist / banlist filters *-unknown.txt
Always helpful to look at, to spot new hacks / scripts. Or something u haven't whitelisted yet

-----------------
-----------------

There is also a bans report file pyBEscanner creates...
It will be in either your BANS DIRECTORY, or in your server's battleye folder called

bans-pyBEscanner.txt

It's just a file u can lookup, with information for a player ban.
By default the ban report message is the following ( u can configure it via servers.ini)
GUID/IP -1 Player Name: PLAYER_NAME, Server: SERVER_NAME, Date: DATE_TIME:, Logfile: LOG_FILE

Basically a file u can lookup, when a player wants to appeal a ban afterwards i.e
U can lookup the textfile for their GUID/IP/Player Name + find out the date/time + server + logfiles for the ban.
Then u can look up the info in the archived log(s)
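A lookup over the ban report for appeals, as an added Python 3 example (not pyBEscanner's own code and not part of the original post). It assumes the default report template quoted above is unchanged; the sample records, date format and log file name are constructed.

```python
import re

# Default template from the post:
# GUID/IP -1 Player Name: PLAYER_NAME, Server: SERVER_NAME, Date: DATE_TIME:, Logfile: LOG_FILE
REPORT = re.compile(
    r"^(?P<ident>\S+) -1 Player Name: (?P<name>.*), Server: (?P<server>.*), "
    r"Date: (?P<date>.*?):?, Logfile: (?P<logfile>.*)$"
)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_report(text):
    """Parse report lines into dicts; lines that do not fit the template are skipped."""
    records = []
    for line in text.splitlines():
        m = REPORT.match(line.strip())
        if m:
            rec = m.groupdict()
            # A GUID ban and an IP ban are separate entries for the same player.
            rec["kind"] = "ip" if IPV4.match(rec["ident"]) else "guid"
            records.append(rec)
    return records


def lookup(text, needle):
    """Find bans by GUID, IP or player name (case-insensitive exact match)."""
    needle = needle.lower()
    return [r for r in parse_report(text)
            if needle in (r["ident"].lower(), r["name"].lower())]


# Constructed sample report; all values are placeholders for illustration.
SAMPLE_REPORT = """\
0123456789abcdef0123456789abcdef -1 Player Name: scriptkiddie, Server: Dayz-2017, Date: 17.01.2013 16:15:09:, Logfile: example-bans.txt
192.0.2.10 -1 Player Name: scriptkiddie, Server: Dayz-2017, Date: 17.01.2013 16:15:09:, Logfile: example-bans.txt
fedcba9876543210fedcba9876543210 -1 Player Name: other, Server: Dayz-2017, Date: 18.01.2013 09:00:00:, Logfile: example-bans.txt
"""

if __name__ == "__main__":
    for rec in lookup(SAMPLE_REPORT, "scriptkiddie"):
        print(rec["kind"], rec["ident"], rec["server"], rec["date"], rec["logfile"])
```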
 
Sincere thanks for taking time to outline that, finding bans-pyBEscanner.txt was just what I wanted.

Just one more question if you don't mind, the white list for setpos:

18.01.2013 02:43:33: user (x.x.x.x:2304) <guid>- #0 2:345 CSJ_GyroP [10532,8395,231]

This is as simple as:


UralWreck
FunctionsManager
CSJ_GyroP

And one I am unfamiliar with:

18.01.2013 10:01:52: user (x.x.x.x:2304) <guid>- #0 697:719 Shot [4737,2693,8]
 
Yes that will whitelist the entry...

In dayz-default\setpos.whitelist u have the entry
(?:s|S)hot
It will whitelist the entries shot/Shot, normal dayz entries during a fight, i assume it has something to do with lag + clients desynced a bit.

----------------------
----------------------

All entries in logs are on code entries only i.e
pyBEscanner will strip the "date: player name (ip) guid - "
So the filters are literally just matching against the code entry, helps prevent a player's name causing a ban.

http://www.pythonregex.com/
Is a nice website to test out your filters if u start to use any of the fancier regex switches etc...


Basically Filters work like the following
Original Logs -> Whitelist -> Kicklist -> Banlist -> anything left = unknown logs

Spam Filters work separately i.e (whitelist filters are used in spam detection)
Original Logs -> Spam Filters
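The prefix stripping and the Whitelist -> Kicklist -> Banlist -> unknown order described above, as an added Python 3 example (not pyBEscanner's own code and not part of the original post). The prefix regex, the use of `re.search`, the kick/ban patterns and the sample log lines are assumptions constructed for illustration.

```python
import re

# Strips the "date: player name (ip) guid - " prefix. The layout follows the setpos
# lines quoted in this thread; the regex itself is an assumption of this example.
PREFIX = re.compile(
    r"^\d\d\.\d\d\.\d{4} \d\d:\d\d:\d\d: (?P<name>.+) "
    r"\(\d{1,3}(?:\.\d{1,3}){3}:\d+\) (?P<guid>[0-9a-f]{32}) ?- (?P<code>.*)$"
)

# Whitelist patterns are the ones mentioned in the thread; the kick and ban
# patterns are constructed placeholders, not real filter entries.
FILTERS = [
    ("whitelist", [r"(?:s|S)hot", r"UralWreck", r"FunctionsManager", r"CSJ_GyroP"]),
    ("kick", [r"ExampleKickObject"]),
    ("ban", [r"ExampleBanObject"]),
]


def classify(line):
    """Return (verdict, code_entry); the filters only ever see the code entry."""
    m = PREFIX.match(line)
    if m is None:
        return ("unparsed", None)
    code = m.group("code")
    for verdict, patterns in FILTERS:  # Whitelist -> Kicklist -> Banlist
        if any(re.search(p, code) for p in patterns):
            return (verdict, code)
    return ("unknown", code)  # anything left over goes to the unknown log


GUID = "0123456789abcdef0123456789abcdef"  # constructed
SAMPLE = [  # constructed log lines; the third has a ban pattern as the player name
    "18.01.2013 02:43:33: user (10.0.0.5:2304) %s - #0 2:345 CSJ_GyroP [10532,8395,231]" % GUID,
    "18.01.2013 10:01:52: user (10.0.0.5:2304) %s - #0 697:719 Shot [4737,2693,8]" % GUID,
    "18.01.2013 10:02:10: ExampleBanObject (10.0.0.6:2304) %s - #0 3:7 NewThing [1,2,3]" % GUID,
    "18.01.2013 10:03:00: user (10.0.0.7:2304) %s - #0 3:9 ExampleBanObject [1,2,3]" % GUID,
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
```

Since the whitelist is consulted first in this model, whitelist patterns should be kept as narrow as the entries they are meant to cover.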
 
I failed to start the scanner under linux (lack of knowledge).


Is it possible to run "pyBEscanner" on my Windows PC so that it makes a remote connection to the linux box where my dayz server is hosted?


This is my "servers" conf:

Code:
Bans Directory = /home/user/bliss/dayz_1.chernarus/BattlEye
 
[Server 1]
ServerName = SERVER
ServerIP = 77.77.77.77
ServerPort = 2302
RconPassword = password
BattlEye Directory = /home/user/bliss/dayz_1.chernarus/BattlEye
Server Console Log = /home/user/bliss/server_console.log
Server RPT Log = /home/user/bliss/dayz_1.chernarus/arma2oaserver.RPT
# U can override the default scanning options per server if needed i.e
#Scan Setpos = strict
 
#[Server 2]
#ServerName = IE11
#ServerIP = 127.0.0.1
#ServerPort = 2312
#RconPassword = CHANGEME
#BattlEye Directory = C:\DayZ Servers\IE 11\profile\BlissLingor\BattlEye
#Server Console Log = C:\DayZ Servers\IE 11\profile\BlissLingor\server_console.log
#Server RPT Log = C:\DayZ Servers\IE 11\profile\BlissLingor\arma2oaserver.RPT
 
#[Server 3]
#ServerName = IE12
#ServerIP = 127.0.0.1
#ServerPort = 2322
#RconPassword = CHANGEME
#BattlEye Directory = C:\DayZ Servers\IE 12\profile\BlissLingor\BattlEye
#Server Console Log = C:\DayZ Servers\IE 12\profile\BlissLingor\server_console.log
#Server RPT Log = C:\DayZ Servers\IE 12\profile\BlissLingor\arma2oaserver.RPT










P.S. BTW I don't have server_console.log and not sure if its important. My server logfile is "arma2oaserver.RPT".
 
It won't work with servers u don't have access to.
pyBEscanner needs access to the server logs themselves, u could in theory have an ftp script to constantly download (+delete) the battleye logs + upload the bans files.
But u really should just check dayz gotcha...


pyBEscanner is made to be very customizable in regards to the filters (+regex features) it uses to ban / kick players...
It can be used pretty much for any mod / custom code u are running, just may require some extra setting up
Believe shinkicker is working on dayz+ filters for pyBEscanner, but no reason help out or do the same.
 
@helldesign

There is only 1 stumbling block on linux atm.
Its the C# apps for connecting to server rcon...

Besides that pyBEscanner runs the exact same on a windows machine / linux machine...
Just requires python 2.7 (which your linux machine will prob have installed anyways).
If u encounter another problem on linux, give me a shout as C# apps should be the only issue.


Options in-regards to C# apps

A
  • Does your linux box have wine installed ?
  • Try and launch pyBEscanner/tools/rcon/rcon_kick.exe + rcon_reloadbans.exe via wine...
  • wine pyBEscanner/tools/rcon/rcon_reloadbans.exe <ip> <port> <password>
  • wine pyBEscanner/tools/rcon/rcon_kick.exe --ip=<ip> --port=<port> --password=<password> --file=<textfile with player name to kick inside it>
B
  • Does your linux box have mono installed ?
  • Use Mono to recompile rcon_kick.exe + rcon_reloadbans.exe + launch via mono.
  • Source code is included or links to it under tools/rcon/src/
Then it is just a simple matter of altering modules/rcon_cscript.pl to call wine / mono when launching the apps.

Once i know which way actually works... takes just a few seconds to alter the file.


-----------------
-----------------

pyBEscanner is a log parser so it needs access to the log files + ban files etc....

So u need to ideally run it on the same machine.

Or as shinkicker has pointed out u need to put the log files onto a network file sharing.
U will prob want to disable server logs scanning, the experimental option in servers.ini, to reduce bandwidth usage.
Otherwise pyBEscanner will end up reading the server console.log + rpt logs up to 5-6 times a minute. And if u don't rotate your logs it could end up eating a bit of your server's bandwidth.


edit:- Was late last night, i assumed u had a managed server with only ftp access at best
 
What does it actually scan in server console.log and .rpt file??? as there are no associated filters to check for
 