for version 4.1.2
Written by Ben Bird - Ben Software Ltd
SecuritySpy is CCTV video surveillance software for the Mac.
With features such as motion detection, email and iPhone alerts, ONVIF support and Pan/Tilt/Zoom control, SecuritySpy will enable you to set up a comprehensive and effective CCTV system for your business or home quickly and easily.
SecuritySpy can turn any Mac into a video surveillance station (for example, with multiple large screens in a security control room). It it also ideal for autonomous remote operation, as it has a fully-featured secure web interface that allows you to access and control your surveillance system from over the Internet or over a local network. And, as Mac software, it is as elegant and easy to use as you would expect, with a carefully-designed user interface.
If you are building a video surveillance system from scratch, all you need is SecuritySpy, a Mac, and some IP cameras. If you have an existing system using analog cameras, SecuritySpy can use these alongside more modern IP cameras, allowing you to transition to a state-of-the-art digital system.
SecuritySpy's flexibility will allow you to set up a system that is tailored for your individual needs, whether you want a single camera or a hundred.
This manual describes how to use the SecuritySpy software itself. For information about how to choose, install and set up the hardware of your CCTV system, see the SecuritySpy Installation Manual.
The main features of SecuritySpy are:
Initially, SecuritySpy will detect and display all local (USB, Thunderbolt and built-in) devices connected to your Mac. If you are using IP cameras, you can add them in the Preferences window.
SecuritySpy's main All Cameras window shows video streams from all configured cameras in a grid view. You can also create Group windows that contain whichever cameras you choose to add to them. This is useful in a large installation, to organise cameras into logical groups.
In addition, each camera can be displayed in its own individual video window. You can open individual camera video windows from the Window menu, or by double-clicking on a camera image in the main video window or group window, or by double-clicking on a camera name in the Camera Info window. All video windows can be resized to any shape and size by dragging any side of the window.
SecuritySpy offers digital Pan/Tilt/Zoom control for any camera in any video window: simply hold the Command key (⌘) on your keyboard and scroll up or down on your mouse or trackpad (on a trackpad, use the two-finger gesture to scroll). Once zoomed in, release the Command key and scroll in any direction to pan around the image. This is useful for high-resolution cameras that supply more detail than can be displayed at normal size in video windows.
Enter full screen mode using the option in the Window menu, or by pressing Command-F on the keyboard. Each monitor attached to your computer becomes an independent full-screen display for whichever cameras you choose. The first time you enter full screen mode, SecuritySpy will add all available cameras to the full screen view; to change this, right-click (control-click) anywhere on a screen and a menu will pop up that allows you to configure which cameras to display on that screen.
In order to record video from a camera, it must be "armed", and there are three modes that can be armed independently:
To manually arm a particular mode for a particular camera, right-click on its video image to get a pop-up menu that allows you to do this, or use the Control menu in the main menu bar at the top of the screen. Alternatively, each mode can be armed automatically based on a schedule (for example, so that Motion Capture is active only at night), which can be set up in the Preferences window.
This window is available by selecting Camera Info from the Window menu:
The Camera Info window shows a wealth of information about the operation of each camera:
To choose which columns to display, click on the header bar to get a pop-up menu that allows you to turn on or off each of the above items.
When SecuritySpy encounters an error, it reports the error in its log file and continues to run. For example, such errors may include problems with video input devices, FTP upload errors, or errors sending emails. If you encounter any sort of problem while using SecuritySpy, you should check the log to find out more information about what happened. To open the log file, select Open Log from the File menu.
The Preferences window contains all settings for the software, and is split into the following sections:
Note that changes to Preferences are not applied immediately as you interact with the controls in this window, because this could interrupt recordings that are currently taking place. Instead, use the Save option in the File menu (Command-S on the keyboard), or click the "Apply Preferences" button in the corner of the window, to apply the changes you have made.
This section contains general-purpose settings to configure the software, as follows:
When enabled, captured files older than the number of days you specify will be deleted automatically. There is a separate setting for the startup (system) volume vs. other volumes.
When enabled, old captured files will be deleted when disk space drops below the level you specify. This should not be set too low, as disks tend to slow down significantly as they run out of space; a value of around 2% of the disk's capacity is generally a good setting to use (e.g. 20 GB for a 1 TB drive). If the computer is being used for other applications besides SecuritySpy, more free space should be left on the startup (system) volume, hence there is a separate setting for the startup volume vs. other volumes.
This option controls whether camera information such as the camera name, armed modes and recording status is displayed at the top of each camera image in video windows (but not in captured footage).
When enabled, all of SecuritySpy's video windows (the All Cameras window, group windows and individual-camera video windows) will appear over the windows of other applications, even when SecuritySpy is in the background.
When enabled, all cameras will display at half frame rate in all video windows. If you have many cameras and/or many video windows open at once, enabling this option may result in lower CPU usage (how much lower depends on the resolution and frame rate of your cameras, and the speed of your computer's graphics hardware). This option affects display only; it doesn't affect video capture.
When enabled, motion detection will only be performed when it is required for triggering motion capture or actions, which will result in lower CPU usage when it is not required for these purposes.
By default, SecuritySpy will decompress all incoming video frames, whether or not each one is actually required. The advantage in doing so is that frames are then available at all times, so if video from a camera is suddenly required after a period of not being required (e.g. a video window is opened after previously being closed), then a video frame will will be available immediately; otherwise there may be a significant delay until decompression can resume and the next frame is available.
Enabling this option could result in significantly lower CPU usage, especially if the features that require decompression are used infrequently. Such features include motion detection, display in video windows, delivery via the web interface, and recording to disk where SecuritySpy is performing recompression of the video stream.
Every effort is made to ensure that SecuritySpy is as stable as possible, however since it relies on other software components written by other parties (such as system software and driver software for video input devices), stability cannot be guaranteed. Therefore it is possible, although unlikely, for SecuritySpy to crash ("unexpectedly quit"), and if the computer may be left unattended for long periods of time, this is a potential problem.
When this option is enabled, an tiny background application is launched that monitors SecuritySpy and restarts it if it crashes. This application runs invisibly and uses almost no system resources. If SecuritySpy crashes while video is being captured, at most only a few minutes of video will be lost.
The computer must be awake for SecuritySpy to operate, so if you want continuous operation you should leave this option turned off. Use this option if you would like the computer to sleep automatically when it is not being used (as per the settings in the Energy Saver system preference).
If this option is on, all alert messages (such as error messages) will be closed after 1 minute. This option should be enabled if the computer is to be left unattended.
If this option is on, SecuritySpy will send information back to us, the developers of the software, once per day, in order to help us diagnose problems and improve the software. This includes system setup information, error reports and performance data. This data is not shared with third parties, and contains only information relevant to the performance of SecuritySpy.
If an update is available you will be offered the option to install it; updates are never installed automatically without your permission.
When enabled, the computer's main speaker volume will be automatically set to maximum before playing sounds, and then set back to its original volume after the sound has played.
When enabled, low-level audio will be silenced, eliminating hiss and background noise from microphones. This is useful for applications such as baby monitoring, where you may be listening to the audio at night, or when multiple cameras are playing audio at the same time.
For cameras that support two-way audio, this option controls whether the incoming audio from that camera is muted whenever you are sending audio to that camera. This prevents a feedback situation where audio can pass from the Mac's microphone to the camera's speaker, to the camera's microphone, to the Mac's speaker and back to the Mac's microphone in an infinite loop.
This defines an audio input source connected to your Mac that is to be used for computer-to-camera audio transmission.
Use this option to have error reports sent to an email address whenever any problem occurs.
Use this option to have a window appear on the screen to inform you of any major errors (these include problems preventing SecuritySpy from obtaining video streams, or recording problems).
In all cases, all errors are written to a log file, which you can access from the File menu in SecuritySpy.
Choose your preferred date format, which is used whenever a date is displayed (e.g. in timestamps on video frames, and in file names).
Choose a date format, and choose a 12-hour clock (e.g. "2 pm") or a 24-hour clock (e.g. "14:00").
You can set a password here that will be required by anyone attempting to disarm a camera, access settings or quit the software. It is also advisable, in the "SecuritySpy & Privacy" system preference, to set the Mac itself to require a password after a short time of inactivity. While this doesn't prevent someone from physically tampering with the computer, implementing these basic security precautions provides a useful first layer of protection.
Under the Cameras section, you can configure all cameras to be used by SecuritySpy. This section is further sub-divided into the following tabs: Device, Setup, Masks, Audio, Continuous Capture, Motion Capture, and Actions.
The Device tab contains settings related to video devices themselves (the screenshot below show the settings available for network devices; for local devices - i.e. those connected by USB, Thunderbolt or built-in devices such as FaceTime cameras - there are many fewer options available as these are plug-and-play devices that don't need to be set up in the same way).
Enter the IP address, hostname, or Bonjour address of the device. By clicking the Auto-Discovered Devices button below this field, SecuritySpy will display a list of devices that were discovered on your local network, for example:
Select a device from this list, and the Address field will be automatically populated with the address of the selected device. This menu consists of two sections:
Both the above addressing methods remove the need to configure your cameras with fixed IP addresses: for a camera that obtains an IP address automatically via DHCP (which is usually the case), setup is simply a case of connecting it to your network and selecting it in the above list.
Many cameras support both ONVIF and Bonjour, so you may see two entires in the list for such devices; in this case you can select either (though using the ONVIF address may be slightly faster and more reliable in some circumstances).
These are the network ports that SecuritySpy uses to communicate with the device. The standard ports are 80 for HTTP and 554 for RTSP (or 8000 in both cases if the network device is another copy of SecuritySpy). If your device uses standard ports (most do), you can leave these fields empty, but if it uses non-standard ports, you should enter them here.
If the network device requires authentication, enter its username and password here.
Most IP surveillance products sold in the last few years implement the ONVIF protocol, which is a universal way of communicating with IP cameras. So, if your camera supports this, then you should use the ONVIF profile in SecuritySpy. Alternatively, SecuritySpy has many profiles designed specifically for individual camera makes and models, so check this list to find one to match your device. Or, if you want to enter the HTTP/RTSP streaming request yourself, use the Manual configuration option.
This menu lists the available formats supported by the network device, which will be a combination of the following:
If you are connecting to a camera over a local network, then the "H.264 RTSP" format is typically the best one to use. If connecting over the internet, then the "H.264 RTSP-over-HTTP" format is most appropriate, if your camera supports it.
Enter a video size (resolution) to request from the device. If you leave these fields empty, the default video size of the network device will be used. This setting is not available for all devices; typically you will need to configure the device directly to set its video size.
Enter the frame rate at which you want the device to send video frames. This setting is not available for all devices; typically you will need to configure the device directly to set its frame rate.
For devices that have multiple inputs or streams, here you can specify the one you want to use. For example, some devices have multiple physical inputs or image sensors, while others have multiple streams with different compression settings. This option will only be available if this feature is supported by the device.
SSL is a cryptography protocol that provides secure encrypted communication with network devices. For devices that support this feature, SSL provides additional security by preventing the decoding of intercepted data streams. It can therefore be useful when transmitting data over the internet, but typically is not required when transmitting over a local network. Note that this may significantly slow down video transmission due to the extra processing required by the device. In order to use SSL you will have to set up the device with a certificate (either self-signed or from a certificate authority, although the latter is not really necessary since you are setting up the server yourself and there is therefore no question about its authenticity).
Many profiles in the above "Device type" list have PTZ support enabled for them, in order to control cameras with mechanical PTZ. If your device does not have PTZ features, or if you otherwise want to disable PTZ support for a particular camera, enable this option. This simply removes the PTZ controls associated with the camera from SecuritySpy's user interface.
Network devices supply video data in a variety of compressed formats (typically JPEG, MPEG-4 or H.264). By default, the video data supplied by the camera will be captured directly from the device to the movie files that SecuritySpy creates. This ensures optimum quality, performance and lowest CPU usage. However, if you want SecuritySpy to apply a text overlay, a transformation (rotation/flip), or a video blanking mask (to obscure sections of the image), or if you want to re-encode the data to a more space-efficient format, then enable this option, and SecuritySpy will use the settings set under the Compression section in order to recompress the data while recording. Generally, if you require a text overlay, transformation or blanking mask, it should be applied in the camera itself (if available there), rather than SecuritySpy, to avoid the need for SecuritySpy to recompress the video data.
Network devices supply audio data in a variety of compressed formats (typically G.711, G.726, AMR or AAC). By default, the audio data supplied by the camera will be captured directly from the device to the movie files that SecuritySpy creates. This ensures optimum quality, performance and lowest CPU usage. However, it may be useful to enable this feature in order to record with AAC audio compression if your camera is not capable of providing this format, because when the video format is H.264 and the audio format is AAC, SecuritySpy can create MP4 files instead of MOV files. MP4 files play back in web browsers, whereas MOV files generally will not, so this is important if you will be viewing recorded footage via SecuritySpy's web interface.
This setting is available when you select Manual configuration as the profile. This is the request text that is sent to the device to instruct it to send media data. This setting is useful if you want to use a network device that doesn't support ONVIF, and isn't supported under an existing profile. Consult the documentation or manufacturer of your device for information about the format of HTTP or RTSP requests it understands.
When camera manuals specify this information, they typically do so in the form of a URL, for example:
This indicates that the RTSP format should be used, with the RTSP port set to port, and request.h264 as the Request.
This tab shows general configuration options for each camera, as follows:
This checkbox allows you to turn a particular camera off without completely removing it from the software. If you turn a camera off it will no longer be used and will not be viewed or captured from.
This menu has several options for transformations that can be applied to the video image to compensate for the mounting position of the camera (for example if it mounted upside-down or rotated to one side). The available transformations are: 180° rotation, 90° rotation clockwise, 90° rotation counter-clockwise, horizontal flip, and vertical flip. Note that, for network cameras, this setting is only available if you have chosen to recompress video data from the camera, under the Device section.
Use this option to draw a text overlay on all video frames. Use the placeholders +n, +d and \n to represent the camera name, date and time, and line break respectively. Note that, for network cameras, this setting is only available if you have chosen to recompress video data from the camera, under the Device section.
The video motion detection feature analyses the incoming video stream to detect motion. When the motion level exceeds the threshold (shown as the red line in the motion bar under the video image), for the duration specified by the "trigger time" setting, motion capture and actions will be triggered.
The sensitivity adjustment allow for variations in camera installation conditions, and whether you want SecuritySpy to capture upon the slightest movement, or instead limit recording to high levels of movement. High values make sure that motion detection will be triggered by even small amounts of motion in the video stream, however this may also result in false-positive triggers.
The "trigger time" setting specifies the minimum duration of continuous motion that will result in a trigger. The most sensitive setting is "1 frame", which will trigger if there is motion detected in a single video frame. However, this is likely to produce many false-positive triggers due to rain, lighting changes, insects and other transient motion. A trigger time of between 1 and 2 seconds is normally ideal: this provides a low rate of false-positive triggers while still being highly sensitive to real motion. Note that this feature works best when the frame rate of the incoming video is at least 5fps.
This feature triggers motion capture and actions when the audio level exceeds a certain threshold. The higher the sensitivity setting, the more SecuritySpy will trigger on very quiet sounds. To use this feature, an audio source must be enabled for this camera (under the Audio tab).
This feature triggers motion capture and actions when one of the camera's input ports is triggered. IP cameras typically have one or more input ports (sometimes called "IO ports", "Alarm inputs", "External inputs" or "Digital inputs") that can be connected to sensors such as PIR (Passive Infra Red) motion sensors, glass break detectors, door/window sensors etc. SecuritySpy currently supports the input ports of Axis, D-Link and Canon cameras.
By default, capture destinations are automatically created within a Captured Files folder, within the SecuritySpy folder in your Documents folder (~/Documents/SecuritySpy/Captured Files/). However, you can customise where SecuritySpy saves files using this setting, by selecting a volume or folder anywhere on your file system.
Important: when using a NAS (Network Attached Storage) device as the capture destination, make sure it is set to use AFP (Apple File Protocol), otherwise SecuritySpy may not be able to automatically delete old files, or display files correctly in its Browser feature. Most NAS devices support AFP, though this feature may not be enabled by default.
There are two masks that can be configured in this section:
This defines areas in the video image to be ignored by SecuritySpy's motion detection algorithm.
This defines areas in the video image to be completed obscured (drawn in black) in the live and recorded video footage.
Choose the mask you want to edit from the drop-down menu. To the right of this menu there are some handy options for manipulating the mask (e.g. to clear or invert it). Note that, for network cameras, the video blanking mask is only available if you have chosen to recompress video data from the camera, under the Device section.
This tab allows you to specify the audio settings for each camera:
Choose an audio input device to associate with this camera. Typically, for IP cameras, you will want to use the option "This network device", which indicates that SecuritySpy should take the audio feed from the camera itself.
This menu also lists all available local audio devices attached to your computer (built-in, USB, FireWire and Thunderbolt audio inputs), and you can associate any of these audio inputs with any camera.
If the audio device has more than one data source, these are listed here. For example, most built-in audio inputs in Mac computers have two data sources: Line In and Digital In; to use an analog audio source you would select Line In, or to use a digital source you would select Digital In.
This is the main factor that determines the quality of the audio - the higher the sample rate the better the quality, but the larger the captured files. A sample rate of 8000 Hz is normally adequate for video surveillance, though if you want higher quality, a setting of around 16000-22050 Hz will provide a significant improvement.
Each camera can use one or two of the audio device's channels. Using the left and right channel menus, you can select which channel on the device (numbered in the menu) is recorded to which channel in the captured movie (left or right). For example, if the audio device has 10 input channels and you want input 5 recorded to the movie as the left channel and input 6 recorded as the right channel, you would select 5 and 6 in these menus respectively. To simply record people speaking, only mono (one channel) audio is required, in which case you should select "None" for the right channel. If you are using stereo audio (two channels), this doubles the size of the audio data, so use this only if you need to.
You can choose whether to include audio in continuous-capture recordings and/or motion-capture recordings. By default, both options are enabled.
This tab allows you to specify settings for the Continuous Capture recording mode:
Enable this option to capture a movie file whenever the continuous-capture recording mode is armed.
Specify the rate at which to capture frames to the movie (leave empty for the maximum rate). Note however that if the incoming video is in MPEG-4 or H.264 format, and you have chosen not to recompress the video (see the Device settings), SecuritySpy will be unable to change the frame rate of the video, and it will therefore be recorded at whatever rate is being supplied by the camera.
Here you can specify when to create new movie files - there are four options:
Daily at midnight: a new movie file will be created at midnight each day. All footage captured during the day will be added to the same movie file, even if continuous-capture mode is disarmed and armed during this time.
Hourly (on the hour): a new movie file will be created at the beginning of each hour. All footage captured during each hour will be added to the same movie file even if continuous-capture mode is disarmed and armed during this time. This is a useful alternative to the Daily option above, producing smaller and therefore more manageable files that can be downloaded easily over the Internet.
Each time continuous capture is armed: a new movie file will be created whenever continuous-capture mode is armed, and will continue to be captured to until it is disarmed.
Every x Minutes/Hours/Days: a new movie file will be created at the frequency you specify. Whenever continuous-capture mode is disarmed and then armed, a new movie will also be created.
Enable this option to upload all continuous-capture movie files to an FTP server. If the "create new" setting is set to Daily at midnight, movies will be uploaded at the end of the day; otherwise movies will be uploaded as soon as they are finished.
This feature captures an image file to disk in JPEG format at the rate you specify.
Enable this option to upload all continuous-capture image files to an FTP server.
Use this option to periodically upload a JPEG image file with a fixed name to an FTP server, replacing the previous file each time. This is useful for continually updating an image on a web page.
Use this option to set a schedule for arming continuous-capture mode automatically, for when you want it active at certain times of the day or week.
This tab contains settings for the motion-capture recording mode, which captures movies or images in response to the motion triggers configured under the Setup tab:
Enable this option to capture a movie in response to a motion trigger. Motion triggers include video motion detection, audio detection and camera input ports, which can be enabled via the Setup tab.
There are two options for the motion-capture movie:
One movie per event: a separate movie file will be created for each motion detection event. This may result in a large number of individual movie files if there are frequent events, however it offers more resiliency to computer problems or tampering.
One movie per day: one movie file will be created each day containing all the motion detection events of that day. One large file may be easier to manage than lots of smaller files.
Specify the rate at which to capture frames to the movie (leave empty for the maximum rate). Note however that if the incoming video is in MPEG-4 or H.264 format, and you have chosen not to recompress the video (see the Device settings), SecuritySpy will be unable to change the frame rate of the video, and it will therefore be recorded at whatever rate is being supplied by the camera.
It is often useful to have video from both before and after a motion event; in the time before and after, even though the motion is not high enough to trigger recording, there is often something interesting happening that is worth capturing. This is the purpose of the Pre-capture and Post-capture features. The pre-capture feature uses a buffer of video frames in memory, so that when the capture is triggered, some video before the trigger is also captured.
Specify the number of seconds to continue capturing the movie after the motion trigger has stopped. This should be set to at least a few seconds in order to avoid many small movie files being captured for one longer period of motion.
Enable this option to upload all motion-capture movie files to an FTP server for off-site backup. If the capture type is set to One movie per day, movies will be uploaded at the end of the day; if the capture type is One movie per event, movies will be uploaded as soon as they are finished.
Enable this option to periodically capture JPEG image files when motion is detected.
Specify the capture frequency in terms of the number of seconds between image file captures.
Specify the number of seconds to continue to capture image files after the motion trigger has stopped.
Use this option to upload all motion-capture image files to an FTP server for off-site backup.
Use this option to set a schedule for arming motion-capture mode automatically, for when you want it active at certain times of the day or week.
This tab contains settings for actions to be performed in response to the motion triggers configured under the Setup tab:
Select a sound to play when motion is triggered. As well as the standard system sounds, there are several built-in sounds designed to scare off intruders, and you can add your own by placing sound files in SecuritySpy's Sounds folder (to locate this folder, click on the file File menu and select Reveal Folder in Finder / Sounds). Most sound formats are supported, including AIFF, WAV, MP3, and AAC.
Specifies the duration in seconds to play the sound after the motion trigger has stopped.
You can select a script to run when motion is triggered. To create your own scripts, use the Script Editor application that comes with macOS (this application is called AppleScript Editor on older system versions). Place your scripts in SecuritySpy's Scripts folder to make them available to invoke as actions (to locate this folder, click on the file File menu and select Reveal Folder in Finder / Scripts). A few scripts are included with SecuritySpy, including ones that control switch/relay devices that can trigger external devices such as lights and alarms. The built-in scripts work with WebRelay and Web-i IO devices.
This feature sends an email, optionally with attached JPEG images, to an address you specify. To send the email to multiple addresses, enter them separated by commas.
This setting allows you to trigger recording in one camera based on a motion trigger in another. This could be useful for when you have multiple cameras covering the same area, and want recording to take place in all the cameras when any one detects motion, thereby increasing the chance of capturing something interesting.
If this option is enabled, whenever there is a motion trigger for this camera, SecuritySpy will come to the front, above all other applications, and will display the camera's video window.
This option allows you to specify a delay in seconds after a motion trigger, before performing any of the actions
Once the actions are triggered, this delay specifies the minimum time before they can be triggered again. Without this delay, an action could be invoked many times in quick succession if there is lots of motion, which is usually undesirable. Therefore, it is advisable to specify a delay here of at least the length of a typical motion detection event.
Use this option to set a schedule for arming actions automatically, for when you want them to be triggered only at certain times of the day or week.
This section allows you to specify groups of cameras that can be displayed via their own group windows. For large installations, organising the cameras into logical groups in this way makes viewing them much more manageable.
Choose how you want cameras to appear in the group window:
Display cameras in grid - just like the All Cameras window, the group window will display all its member cameras at once, in a grid arrangement.
Cycle between each camera - this option will display one camera at a time, sequentially.
Cycle between groups of four cameras - this option will display four cameras at a time, sequentially in groups of four.
Specify the number of seconds between cycles, when using either of the Cycle display options.
Simply enable the checkbox next to each camera you want to include in the group.
This feature allows you to set up weekly schedules for arming camera modes automatically. All schedules created here will be available to all cameras, and can be used to arm their continuous-capture, motion-capture and action modes independently.
Times when cameras will be armed are represented as red "time objects". Each time object has a start and end time, which define when the camera will be automatically armed. Click and drag to create new time objects, or to move or edit existing time objects. To remove a time object, click on it and press the delete key on the keyboard. In the above example, the camera will be set to active mode from 8 AM to 5 PM on weekdays only. SecuritySpy doesn't need to be running before the start time of a time object - if you launch it at any time marked in red on the schedule, all cameras using the schedule will be armed automatically.
This section allows you to specify the video and audio compression that will be performed for any camera set to be compressed by SecuritySpy. This applies in the following cases:
For any network camera that is supplying H.264 video data, for optimum quality and performance, you should not enable the Recompress video data option in the Cameras -> Device settings unless you need to do so for some specific reason (e.g. you want SecuritySpy to add a date/time overlay on the video stream and the camera is incapable of doing this).
Limiting the use of audio recompression is less important, because it requires much less CPU time than video recompression. Ideally, your cameras can supply audio in AAC format, but for any camera that cannot, you might want to set SecuritySpy to re-encode to AAC format. The advantage of recording AAC audio is that SecuritySpy can then create MP4 movie files (rather than MOV movie files), which are much more compatible for playback by web browsers. If you don't need to play back the captured files in web browsers, then it's best to leave the Recompress audio data option turned off.
Choose between the following video compression codecs:
JPEG: Produces high-quality video and is fast to compress, so performance with this codec is very good, however the size of captured movie files will be large.
MPEG-4: Produces video at lower data rates than JPEG. It is reasonably quick to compress and will give good performance on a reasonably fast computer. This is a somewhat obsolete codec, which is only available when running the 32-bit version of SecuritySpy.
H.264: This is a very efficient codec that will produce small file sizes. On modern Macs with built-in hardware video compression capabilities, this will be fast to compress, but the number of cameras that can be compressed by hardware will vary between Mac models. On older Macs without hardware video compression capabilities, this uses significant CPU time to compress. Use this option if you need SecuritySpy to create MP4 movie files that play back in web browsers.
MPEG-4 and H.264 support temporal compression. Depending on the content, video can have a high level of temporal redundancy, that is, very often one frame is similar to the last frame. Temporal compression exploits this redundancy to reduce the file size of the resulting video. Temporal compression works by using "key frames" at regular intervals, followed by several "delta frames". The key frames contain the complete video image; the delta frames contain only the portions of the image that have changed since the last key frame.
Images from surveillance cameras often have a high level of temporal redundancy because usually most of the image is constant and only a small portion is changing. Therefore the use of temporal compression can significantly decrease captured file sizes without significantly degrading quality.
The higher the quality setting, the better the visual quality of the resulting movie files. However, higher quality settings will result in larger files. A setting of around 50-60 is normally ideal.
Choose between the following audio compression codecs:
None: No compression - this setting gives the best quality and lowest processor usage. Since the data rate of audio is generally much lower than that of video, unless you require very small file sizes, using no audio compression can be a good option. If you choose this option, you should set a low sample rate and mono audio in order to minimise the data rate (these options are set independently for each device, via the Cameras -> Audio settings.
Apple Lossless: This gives quality equal to no compression (since it is a lossless codec), at roughly half the data rate, and is reasonably quick to compress.
µ-Law: This is a very efficient codec designed specifically for compressing speech quickly at a very low data rate (64kbps).
AAC: This produces high-quality audio at low data rates, but is the most processor-intensive of the available codecs. Use this option if you need SecuritySpy to create MP4 movie files that play back in web browsers.
For the AAC codec, you can set a quality level, which will determine the bitrate of the encoded audio data (the exact bitrate used will depend on the sample rate of the source audio, which can vary from camera to camera). A value of around 50 gives reasonably good quality audio at an efficient bitrate.
Whenever SecuritySpy needs to create a still JPEG image, it will use this quality setting for the encoding. This applies to still images captured to disk, images attached to emails, and images delivered via the web interface.
This section allows you to specify settings for sending emails:
When an email is sent in response to a motion trigger on a particular camera, this setting defines now many JPEG images from the camera will be attached to the email.
This defines the frame rate at which images are added to motion-triggered emails.
You can send images at full size, but with high-resolution cameras this results in large emails that are slow to transfer. To keep email sizes small and transfer speeds high, choose a smaller size from one of the available options.
This is the subject field that is used for emails triggered by motion detection. If you leave this blank, a subject will be created automatically. When specifying a custom subject, you can enter +d for the current date and time, and +n for the camera name.
By default, SecuritySpy will use its own email relay service, which requires no configuration whatsoever. This service is provided by us, and its usage is free for all SecuritySpy users (though we do limit the size and frequency of emails, in order to ensure good performance for all users).
The other option is to use your own SMTP server — this requires configuration as follows:
The address of the server used to send mail. This is normally provided by your ISP (Internet Service Provider).
If your server uses a non-standard port, you can specify this here using a colon and then the port number. For example, if your server uses port 28, you would enter "smtp.example.com:28". Most SMTP servers operate on standard ports (25 for non-encrypted communication and 465 for encrypted SSL communication), so if you have not been told by your ISP to use a particular port, don't specify a port number and the standard one will be used automatically.
The small pop-up menu to the right of this field contains a few presets for common email accounts; select one and the server address any any other appropriate settings will be set automatically.
This is the return address sent with emails to identify the sender. You should always use a valid email address here, as spam filters will block messages without one. Also, many SMTP servers will not accept just any return address: usually it must be from the same provider as the SMTP server.
This is the name associated with the return address. It is optional, however if you don't specify a name here, there is a higher chance of emails being blocked by spam filters.
Most SMTP servers require authentication - if yours does, enter your username and password here. The username is typically your email address.
You can choose between no encryption, implicit encryption, or explicit encryption (if your mail server uses encryption, it will probably use the explicit method). An increasing number of email servers support encryption (some even require it), however many servers do not support it, and enabling this feature when using such servers will prevent emails from being sent. Therefore, you should check the instructions supplied by the provider of the SMTP server, and enable this feature only if your email server supports it.
Once you have configured the email settings, you can test them by clicking this button. SecuritySpy will attempt to send a test email, and will report any problems it encounters.
This section allows you to specify settings for FTP uploads to remote servers, which is useful for off-site backup of footage. The same FTP server with different paths may be used for different upload destinations, so one camera can be set to upload to a particular directory on the server and another camera to a different directory on the same server. To check directory paths and download or delete files, you will need to use a graphical FTP client utility such as Cyberduck.
Enter the IP address (e.g. 192.168.1.1) or hostname (e.g. ftp.example.com) of the FTP server.
If you specify a path that starts with a forward slash character, this denotes an absolute path from the server's root directory. A path that does not begin with a forward slash character denotes a relative path from the default directory. The default directory depends on the server - generally each user has a folder on the server which is used as the default directory and set automatically by the server when that user logs in.
For example, consider the following directory layout:
If you were to log in as user1, the server will most likely set the initial directory as /pub/user1/. In this case, to have images uploaded to the user1 directory, you could either leave the path field empty, or you could specify "/pub/user1/" to be explicit. To have images uploaded to the "images" folder within the "user1" folder, you could specify either "/pub/user1/images/" or simply "images" for the path (in all cases it doesn't matter whether you put a forward slash at the end of the path or not). Generally, you should let the server decide the default directory and use a relative path, unless you have a specific reason to use an absolute path.
If the directory that you specify does not already exist on the FTP server, SecuritySpy will attempt to create it.
Choose from the following protocols:
FTP: this is the standard unencrypted file transfer protocol. It is widely supported and reliable, however being unencrypted is not as secure as the following two protocols.
FTPS: sometimes called FTP-SSL, this is the secure encrypted version of the FTP protocol. Unfortunately it is not very widely supported.
SFTP: sometimes called SSH File Transfer Protocol, this is a widely-supported secure file transfer protocol that provides secure encrypted communication. This is generally the one to use when you want encryption.
To see the status of current uploads at any time select Uploads from the Window menu.
SecuritySpy features a built-in web server that allows you to view live camera streams, download captured footage, change settings and control the software, all from a remote location over a local network or the Internet.
SecuritySpy includes both a standard HTTP web interface and an encrypted secure HTTPS web interface. Standard HTTP sends and receives data in its raw form, which is suitable for local networks but not safe for communicating over the internet where the data could potentially be intercepted by a third party. By contrast, HTTPS is a secure protocol that employs encryption, making it extremely difficult for someone to decode any intercepted data. HTTPS is therefore strongly preferred for sending sensitive information over the internet, such as passwords and CCTV camera footage.
The HTTP and HTTPS servers each operate on their own network port. A port number represents a "channel" for network communication, and allows different applications on the same device to use the network without interfering with each other. Note that on macOS, it is not possible for an application such as SecuritySpy to use ports below 1024 (unless you specifically run it as a root process, which is not advisable). SecuritySpy's default ports are 8000 and 8001 for HTTP and HTTPS respectively.
From another computer on your local network (LAN), you can access the server with a web browser using the server's IP address and port number, or its Bonjour name and port number, for example:
When using the DDNS feature in conjunction with the Automatic port forwarding options (see below for explanations of these features), you will be able to access SecuritySpy from the Internet like this:
Note that local network addresses won't work from the Internet, and Internet addresses may not work from within your local network (depending on your router).
Click the How Do I Access This Server? button to get a list of the addresses you can use to access your SecuritySpy server from your local network and from the Internet. If you need to configure your Mac's LAN IP address, you can do so via the Network pane of the System Preferences.
Secure servers require a private key and a certificate in order to perform the encryption and identify the server. There are two kinds of certificate you can use: a self-signed certificate, or a certificate signed by a certificate authority. Both provide the same level of encryption, however self-signed certificates do not provide the same level of assurance to the client regarding the authenticity of the server, hence a web browser connecting to such a server will display a warning to this effect. For SecuritySpy however, you are the one setting up the server and so you can be certain about its authenticity. Therefore the use of a self-signed certificate for SecuritySpy is entirely suitable; simply ignore the warning displayed by the web browser.
There is one caveat here, in that iOS will refuse to play back movie files delivered by an HTTPS server with a self-signed certificate. So, if you want to play back movies on an iPad or iPhone, you will either need to use the standard HTTP interface, or you will need to purchase an official certificate to use with SecuritySpy.
The address you use to access SecuritySpy should match the certificate's hostname, otherwise you will get an additional warning from the web browser about a hostname mismatch. Therefore, for connecting to SecuritySpy over the internet, we recommend that you use SecuritySpy's Dynamic DNS feature (see below), set this as the hostname in the certificate, and use it to access SecuritySpy over the internet.
In order to use a self-signed certificate with SecuritySpy, simply enable the "HTTPS server enabled" option in the above window - SecuritySpy will generate a key and certificate automatically. The Dynamic DNS address that you have set up will be used as the certificate's hostname, so make sure to create this and use it to access SecuritySpy.
In order to use a certificate obtained from a certificate authority, firstly you will need to generate a private key and a certificate signing request (typically using OpenSSL via the Terminal - instructions should be provided by the certificate authority). You send the certificate signing request to the certificate authority and they send back a signed certificate. Place the private key, main certificate, and any intermediate certificates into the SecuritySpy folder within your Documents folder, and then quit and relaunch SecuritySpy.
When supplying a private key, it must be as follows:
When supplying a certificate, it must be as follows:
To allow access to SecuritySpy from the Internet, your router must be configured to forward incoming connections to SecuritySpy. Use these options to enable automatic port forwarding for the HTTP and/or HTTPS port. For this to work, your router must support, and have enabled, either NAT Port Mapping Protocol (NAT-PMP), or Universal Plug and Play (UPnP). Almost all routers support at least one of these protocols, and most have this feature enabled by default.
IMPORTANT: when using this feature, your system becomes much easier to access from the Internet, so you should create at least one web server account, with a strong password, to protect your SecuritySpy web server.
Most Internet connections provide a dynamic public IP address, which can change from time to time. If you want to access your system over the Internet, you will need a static address, which is what SecuritySpy's DDNS system provides. Simply enter the DDNS name you want to use and click the Test button; the indicator will turn green to indicate success or red to indicate a problem (e.g. if the name you requested is not available). Once enabled, the Internet address example.viewcam.me will always point to your public IP address, even when it changes.
IMPORTANT: with DDNS enabled, your system becomes easier to access from the Internet, so you should create at least one web server account, with a strong password, to protect your web server.
You can enter any text here in order to customise the name of the web server. As well as being used as the Bonjour name (see below), this name gets displayed by a web browser when it requests authentication. For example, here is the message displayed by the Safari web browser when it connects to a password-protected server with the name "My Web Server" (other web browsers display similar messages):
This requires that HTTPS web clients use the latest and most secure version of TLS (the cryptographic protocol underlying HTTPS). Leave this option enabled unless you need the web server to be accessible to to older clients that don't support TLS 1.2. Note that macOS system versions before 10.9 do not support TLS 1.2, so most software running on these systems will not be able to connect to the server if this option is enabled.
There are a variety of different cryptographic protocols that can be used for an HTTPS connection; these are negotiated between the client and server whenever a new connection is made. Many older protocols (such as RC4, MD5 and DES) have been found to have security flaws, and therefore should be avoided if possible. Enabling this option ensures that these insecure protocols will not be used, however this may prevent older clients from being able to connect to the web server.
Bonjour is a method of "zero configuration" network setup, which makes it easy to find devices. Enabling Bonjour allows Safari, iOS apps, and other instances of SecuritySpy to easily find your SecuritySpy server on the network.
Normally, QuickTime movies and MP4 files have a movie resource at the end of the file (the movie resource holds necessary information about all the frames in the movie and therefore has to be written to the file last, after all the frames have been written). This works well when the movie is on a local drive because the movie resource is instantly accessible, however if the movie is being received from a slower source such as the Internet the whole movie must be downloaded before it can be played, which may take some time. In Fast Start movies, the movie resource is at the beginning of the file so that the movie can start to play before it has completely downloaded.
If this option is enabled, the movie resource will be read from the end of the file and sent first, so the movie will be Fast Start when it is received by the client computer.
When enabled, SecuritySpy will create a text file containing information about every connection to the web server, including the connection time, the client's address, and the requested page. To view the log, select the "Open Web Log" option from the File menu in SecuritySpy.
SecuritySpy uses the server name text (see above) as its Bonjour name. Note that if you have enabled the macOS firewall feature on the computer running SecuritySpy, this may prevent Bonjour from working properly. Therefore you may have to disable the firewall if you want to use Bonjour to connect to SecuritySpy servers. The firewall settings are accessible in the Security & Privacy System Preference.
To enable password protection to restrict access to your SecuritySpy server, you must add at least one web server account; if you don't add any accounts, there will be no password protection. If your SecuritySpy server will be accessible from the Internet, we strongly recommend that you enable password protection.
This pane allows you to specify settings for a web server account:
Enter the username and password that will be required to log in with this account. The username is not case sensitive, but the password is; both can be up to 31 characters long.
Specify a number of seconds after which to cut off any live video stream being viewed via this account.
This setting allows you to restrict access to the web server via this account to certain times of the day.
There are a few preset permissions levels, and a fully customisable one, as follows:
View - the user can view live video from any camera.
View, Download - the user can view live video, and download previously-captured footage for any camera.
View, Download, control PTZ - the user can view live video, download previously-captured footage, and control Pan/Tilt/Zoom for any camera.
Administrator - the user has full access to every web server feature.
Custom - under this setting, you can specify which features of which cameras the user has access to. Select the camera(s) for which you want to allow certain actions, and set the permissions accordingly. Select the All cameras option to set permissions that will apply to all cameras — this makes it easy to give a particular user a certain level of access for all cameras, while still being able to apply additional permissions for individual cameras.
Accessing SecuritySpy from the Internet
Setting up access to your system from the Internet requires configuration of your router. For instructions, please see the Remote monitoring section of the SecuritySpy Installation Manual.
SecuritySpy comes with its own Dashboard widget for easy remote viewing of video streams from your SecuritySpy server over a local network or the Internet. Click here to download the SecuritySpy widget - it will be installed automatically into your widgets folder and will be immediately available in Dashboard. The first time you load the widget you will need to specify some settings so that it knows where the SecuritySpy web server is. To open the settings window click the info button (the i symbol in the bottom right hand corner of the widget). The settings look like this:
The widget has the following settings:
If, instead of the image, you get a question-mark icon, it means that the widget wasn't able to get the image. Check the address, camera number, username and password to make sure they are all correct.
You can create multiple instances of the widget in order to view several different cameras at the same time, and the widget can be used without restriction on as many computers as you like.
This widget can also be used on Windows and Linux computers with the Kludget Engine software.
SecuritySpy's Browser feature allows you to view and manage captured footage. Choose Browser from the Window menu to open the Browser:
Select one or more cameras and specify a date, and the Browser will display all files matching these criteria. The main components of the browser are:
For the date you specify, the Browser displays all footage captured during that day. Click the calendar icon to get a pop-up graphical calendar, which makes choosing the desired date much easier.
This list shows all active cameras in SecuritySpy. Select up to six cameras to view footage from them all, synchronised together. To select multiple cameras, shift-click or command-click entries in the list.
This list shows all the files that have been captured by all selected cameras, on the specified day. Click on any file in this list to jump to it in the timeline.
The timeline shows a graphical representation of time periods during the day that have captured video footage for each selected camera. Click within the header area of the timeline to change the current cursor time, and click and drag left and right to scrub backwards and forwards through the video footage. Hold the shift key on the keyboard while dragging the timeline cursor to select a time period, when you can then export.
Any files captured since the last scan will be added in red, indicating that they have not yet been queued for display in the movie area. To play these files, use the Rescan option in the Browser menu (see below) to add them to the movie display.
Files in the trash are showed in grey, but will still be playable until you empty the trash.
This is the area that actually displays the captured footage. If you have selected multiple cameras, they will be displayed in a grid, in the most optimal arrangement for the size of the Browser window and the resolution of each selected camera.
The Browser menu in the menu bar contains the following options:
This option allows you to export any file that is currently selected in the file list. The video and audio data is copied directly to the exported file, so there is no loss of quality.
When exporting a file, you have the option to set the playback frame rate. In this way, you can create timelapse movies that play back at much faster speeds than real-time. Note that doing so will remove any audio track in the movie.
Make a selection in the timeline by dragging the cursor while holding the shift key. Then, for any camera that is currently selected in the camera list, this option allows you to export the video footage contained within the selected time period. The video and audio data is copied directly to the exported file, so there is no loss of quality.
For any camera you have selected in the camera list, this option allows you to export a still image from the current time as a JPEG file. This option is available only if there is some valid footage for the specified camera at the current time.
This rescans files for the currently-selected camera(s) and date. This is useful for adding to the movie display any files that have been captured since the last scan, in order to play them.
This option tells the Finder to show all the files that are currently selected.
This moves all selected files to the Browser's trash. The Browser keeps its own trash, separate from the Finder's trash.
Use this option to permanently delete all files in the Browser's trash.
Use these options to zoom in or out in the timeline view. Zoom in to see the position of time objects in detail, or zoom out to get a more general picture of captured footage throughout the day.
The Browser also supports JKL keyboard shuttle controls: pressing L causes the playback to speed up in the forward direction by a factor of 2, J causes the playback to speed up in the reverse direction by a factor of 2, and K pauses the playback.
Network devices connect to the computer over a wired or wireless ethernet network. There are two kinds of network device: network cameras and network video servers (sometimes referred to as IP cameras and IP video servers). They are similar in the way that they send video over the network, but whereas a network camera is a self-contained all-digital unit, a network video server has one or more analog inputs for connecting analog cameras. Due to significant limitations of analog video, all new installation should exclusively use IP cameras.
To find a camera suitable for your system, see our comprehensive searchable list of supported network cameras. Even if a particular camera is not on this list, it is highly likely that it will work with SecuritySpy using the ONVIF protocol, or with the correct HTTP or RTSP request string (this can usually be obtained from the camera's documentation or by requesting this information directly from the manufacturer). SecuritySpy supports all major video streaming formats produced by network cameras (HTTP and RTSP protocols; JPEG, MPEG-4 and H.264 video formats; AAC, G.711, G.726, PCM and AMR audio formats).
While SecuritySpy is attempting to connect to a network devices it displays a flashing connection icon. If, for any reason, the connection fails, you will see an icon of a camera with a cross through it, and a message to inform you of the problem. Connections can fail for a number of reasons such as an incorrect username/password, incorrect IP address, or network problem. If a connection fails, check the log (select Open Log from the File menu), as it will give you more information about what the problem is. SecuritySpy will repeatedly attempt to connect to network devices, to ensure reliability in the event of a temporary problem with the network or device.
Each video window containing a camera that supports PTZ will have a PTZ button in the right side of the window's title bar: click this button and a PTZ drawer will slide out, allowing you to control the cameras in the window:
The PTZ controls act as a "virtual joystick", allowing you to control direction, as well as speed of movement, for cameras that support variable-speed movement (the further you move the blue indicators from the centre of their respective control areas, the faster the movement).
If your camera supports preset positions, the eight preset buttons will be available. To save the current position of the camera as one of the presets, hold the alt (option) key on the keyboard and click a preset button (the Home position, if available, is typically pre-set by the manufacturer and cannot be changed).
Click the gear button in the top right of the PTZ drawer to reveal these settings:
Here you can name each preset position, as well as specify the maximum speed at which your camera will move (if you camera supports variable-speed movement).
You can also control PTZ from the keyboard, using the arrow keys, or the numeric keypad on the right of standard keyboards (1 on the keypad corresponds to down-left and so on). For cameras that support variable-speed movement, holding the shift key while using these keyboard shortcuts moves the camera 50% faster than the standard speed.
You can recall presets by pressing a number key at the top of the keyboard; hold alt (option) with a number key to save a preset.
Even if you don't have the PTZ drawer open, simply click once on the video image of the camera you want to control, and you can then use these keyboard shortcuts.
Hold the shift key (or enable caps lock), and click directly in a camera's image in any video window to control its pan and tilt: a click on the right side of the video image will move the camera right and so on. If your camera supports variable-speed movement, the distance of your click from the centre of the image defines the speed of movement.
Note that devices typically require administrator username/password details for controlling PTZ, so make sure these have been entered correctly in the Preferences -> Cameras -> Device window. Non-admin authentication details required for simply viewing video may not be enough for controlling PTZ.
It is possible to use one instance of SecuritySpy running on one Mac to view cameras attached to another instance of SecuritySpy running on a different Mac. In this way, you can use SecuritySpy as client viewing software, providing a better user experience than viewing via web browser. For the purposes of viewing-only, SecuritySpy can be used free of charge in its unlicensed state.
To set up one Mac (the server) to transmit video to another Mac (the client):
Note that every viewing instance puts additional processing load on the server. You can reduce this load by specifying a low frame rate in the above window.
Here are the steps we recommend to set up your SecuritySpy system to operate autonomously:
Open SecuritySpy and click and hold the mouse button on the SecuritySpy icon in the Dock. From the menu that pops up, select Options -> Open at Login:
Open System Preferences and click the Energy Saver item. Drag the Computer sleep slider control all the way to the right, where it says Never. It is also recommended for best performance to disable the setting Put hard disks to sleep when possible. Display sleep should be enabled to save power and prevent monitor damage.
Open System Preferences and click the Energy Saver item. Enable the option Start up automatically after a power failure. For extra protection, click the Schedule... button and set the Mac to start up automatically every day.
See the Preferences -> Web section in this manual for details.
Video windows are not required if there is no one operating the computer, and they will use CPU time resulting in lower performance.
Using multiple cameras simultaneously involves moving, calculating and storing large amounts of data. To get the most out of your computer you should:
For information about how to choose, install and set up the hardware of your video surveillance system, see the SecuritySpy Installation Manual.
For up to date troubleshooting and help please see the SecuritySpy online help pages.
If your question is not answered in the online help pages, please email it to email@example.com.
To find out which specification of computer is required for a particular camera setup, see the SecuritySpy System Requirements Calculator.