PunkBuster is an anti-cheat system developed by Even Balance, and integrated into several big name games, including the Linux supported ones.
This I've written from personal experience. It isn't endorsed by anyone else and the features upon which it relies upon could potentially be removed at any time from PunkBuster. I'm unaware of any reason for not publishing this.
Here is a quick guide to configuring Syslog to log pb information from Quake 3. You can use syslog to distribute information about PB activity from various game servers that you manage. These alerts can then be logged to a file, displayed on a logging console or passed to your choice of helper application for immediate attention. Syslog can run on the same machine as your gameservers, or a completely separate box. (even if syslog is running on the same box as your server, it can still distribute notices to other boxes)
Firstly, though pb normally sends logs to to 24389, to use syslog to listen for packets on the logging port 514, by passing the
parameter -r to sysklogd. How this is done varies by system
distribution, but for Debian you can edit /etc/init.d/sysklogd. Slackware users
could edit /etc/rc.d/rc.syslog.
Before experimenting with pb's config, its good to manually update it to the latest version. This can be done using their pbweb utility. Put pbweb.x86 in ~/.q3a/pb/ then run it from there.
Next, you want to instruct pb to send the logging info to Syslog. I found this worked with the server, though similar commands could theoretically work with the client if fixed. (The feature is intended for players to have a log of gaming activity with a trusted neutral third party, should any disputes over cheating arise.)
Enter the following into the Q3 console. You can use tab completion to see the available commands.
/pb_sv_LogAddr 127.0.0.1
/pb_sv_LogPort 514
/pb_sv_writeCfg
This tells the master server this server is running, even if not dedicated.
/heartbeat
Note that the logging address will be the IP of the machine to which you want to send loggings to, here we're using the localhost for example. I also recommend the setting of LogUser and LogPw which can be used by syslog processes to veryfy the origin and authenticity of messages.
Now, if you type /pb_sv_ver, the server will respond with a version on the console, and also
sends it to syslog. It'll likely appear in the /var/log/messages too.
You can use software to monitor pb events in real-time and perform actions based on this information, including logging to a website.
Firstly, make a new fifo in a suitable location on your system.mkfifo -m 0660
/var/log/punkbuster
Its advisable to set the permissions on it so that only authorised users are able to monitor events. Here I am using the Debian group permitted to read logfiles, as non-pb events may also appear on the pipe. You may like to add yourself to that group so you can read events.
chown root.adm /var/log/punkbuster
Finally, syslog needs to be told to copy pb events to the fifo. Add the line
user.notice |/var/log/punkbuster to /etc/syslog.conf, and
restart/reload syslog. In future pb may also log on other syslog message types, you can
determine what these are by starting syslog in debug mode.
Now, if you type cat /var/log/punkbuster it will block until Quake3 is started,
and all output from the pb server will then appear there, as it happens.
A typical line might look like this:
Jan 00 00:00:00 localhost LEBRep "username" 0123456789ABCDEF0123456789ABCDEF |1| PunkBuster Server Enabled
Firstly there is the date, time, hostname, and pb keyword, then the username and password given to pb for logging (the password is one-way hashed), then a message iterator followed by the actual message. The date and time are from the local clock, so run ntp to assure that there will be no arguing with the referee. ☺
Your program can open this fifo and use it to monitor pb events real-time, including violations as they happen, and a scripted response can be initiated.
Many custom activties will requre return communicaton with the server/pb console, and this can be achieved by sending it UDP datagrams. You'll likely require the remote console password to be coded in to administrate.
Note: Yes I'm aware that pb log packets could be directly handled, and quickly, by a Java, or other handler program. This may be the only option if access to syslog is limited on a machine. Syslog does however pose the advantage of tried and tested event logging reliability, and events can be distributed between multiple custom utilites.