AXIS S3016 Recorder

Chrome^TM

Firefox^®

Edge^TM

Safari^®

Windows^®

macOS^®

Linux^®

Other operating systems

Show or hide the main menu.

Access the release notes.

Access the product help.

Change the language.

Set light theme or dark theme.

The user menu contains:

• Information about the user who is logged in.

• Change account : Log out from the current account and log in to a new account.

• Log out : Log out from the current account.

The context menu contains:

• Analytics data: Accept to share non-personal browser data.

• Feedback: Share any feedback to help us improve your user experience.

• Legal: View information about cookies and licenses.

• About: View device information, including firmware version and serial number.

• Legacy device interface: Change the device’s web interface to the legacy version.

Upgrade firmware: Upgrade the firmware on your device. Takes you to the Maintenance page where you can do a firmware upgrade.

NTP settings: View and update the NTP settings. Takes you to the Date and time page where you can change the NTP settings.

Hardening guide: Link to AXIS OS Hardening guide where you can learn more about cybersecurity on Axis devices and best practices.

Shows the status of network ports and power information including allocated power and total PoE consumption.

Network ports settings: Click to go to the Network ports page where you can change the settings.

Shows the storage status and information including free space and disk temperature.

Storage settings: Click to go to the Onboard storage page where you can change the settings.

View details: View and update the list of connected clients. The list shows IP address, protocol, port, state, and PID/process of each connection.

Recordings: View ongoing and filtered recordings and their source. For more information, see Recordings

Shows the storage space where the recording is saved.

Play the recording.

Stop playing the recording.

Show or hide information and options about the recording.

Set export range: If you only want to export part of the recording, enter a time span.

Encrypt: Select to set a password for exported recordings. It will not be possible to open the exported file without the password.

Click to delete a recording.

Export: Export the whole or a part of the recording.

Click to filter the recordings.

From: Show recordings done after a certain point in time.

To: Show recordings up until a certain point in time.

Source: Show recordings based on source. The source refers to the sensor.

Event: Show recordings based on events.

Storage: Show recordings based on storage type.

Add app: Install a new app.

Find more apps: Find more apps to install. You will be taken to an overview page of Axis apps.

Allow unsigned apps: Turn on to allow installation of unsigned apps.

Allow root-privileged apps: Turn on to allow apps with root privileges full access to the device.

View the security updates in AXIS OS and ACAP apps.

Use the switch next to the app name to start or stop the app.

Open: Access the app’s settings. The available settings depend on the application. Some applications don’t have any settings.

The context menu can contain one or more of the following options:

• Open-source license: View information about open-source licenses used in the app.

• App log: View a log of the app events. The log is helpful when you contact support.

• Activate license with a key: If the app requires a license, you need to activate it. Use this option if your device doesn’t have internet access.

  If you don’t have a license key, go to axis.com/products/analytics. You need a license code and the Axis product serial number to generate a license key.

• Activate license automatically: If the app requires a license, you need to activate it. Use this option if your device has internet access. You need a license code to activate the license.

• Deactivate the license: Deactivate the license to replace it with another license, for example, when you change from a trial license to a full license. If you deactivate the license, you also remove it from the device.

• Settings: Configure the parameters.

• Delete: Delete the app permanently from the device. If you don’t deactivate the license first, it remains active.

Synchronization: Select an option for the device’s date and time synchronization.

• Automatic date and time (manual NTS KE servers): Synchronize with the secure NTP key establishment servers connected to the DHCP server.

• • Manual NTS KE servers: Enter the IP address of one or two NTP servers. When you use two NTP servers, the device synchronizes and adapts its time based on input from both.

• Automatic date and time (NTP servers using DHCP): Synchronize with the NTP servers connected to the DHCP server.

• • Fallback NTP servers: Enter the IP address of one or two fallback servers.

• Automatic date and time (manual NTP servers): Synchronize with NTP servers of your choice.

• • Manual NTP servers: Enter the IP address of one or two NTP servers. When you use two NTP servers, the device synchronizes and adapts its time based on input from both.

• Custom date and time: Manually set the date and time. Click Get from system to fetch the date and time settings once from your computer or mobile device.

Time zone: Select which time zone to use. Time will automatically adjust to daylight saving time and standard time.

• DHCP: Adopts the time zone of the DHCP server. The device must connected to a DHCP server before you can select this option.

• Manual: Select a time zone from the drop-down list.

Assign IPv4 automatically: Select to let the network router assign an IP address to the device automatically. We recommend automatic IP (DHCP) for most networks.

IP address: Enter a unique IP address for the device. Static IP addresses can be assigned at random within isolated networks, provided that each address is unique. To avoid conflicts, we recommend you contact your network administrator before you assign a static IP address.

Subnet mask: Enter the subnet mask to define what addresses are inside the local area network. Any address outside the local area network goes through the router.

Router: Enter the IP address of the default router (gateway) used to connect devices that are attached to different networks and network segments.

Fallback to static IP address if DHCP isn’t available: Select if you want to add a static IP address to use as fallback if DHCP is unavailable and can’t assign an IP address automatically.

Assign IPv6 automatically: Select to turn on IPv6 and to let the network router assign an IP address to the device automatically.

Assign hostname automatically: Select to let the network router assign a hostname to the device automatically.

Hostname: Enter the hostname manually to use as an alternative way of accessing the device. The server report and system log use the hostname. Allowed characters are A–Z, a–z, 0–9 and -.

Assign DNS automatically: Select to let the DHCP server assign search domains and DNS server addresses to the device automatically. We recommend automatic DNS (DHCP) for most networks.

Search domains: When you use a hostname that is not fully qualified, click Add search domain and enter a domain in which to search for the hostname the device uses.

DNS servers: Click Add DNS server and enter the IP address of the DNS server. This provides the translation of hostnames to IP addresses on your network.

Bonjour^®: Turn on to allow automatic discovery on the network.

Bonjour name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address.

UPnP^®: Turn on to allow automatic discovery on the network.

UPnP name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address.

WS-Discovery: Turn on to allow automatic discovery on the network.

Allow O3C:

• One-click: This is the default setting. Press and hold the control button on the device to connect to an O3C service over the internet. You need to register the device with the O3C service within 24 hours after you press the control button. Otherwise, the device disconnects from the O3C service. Once you register the device, Always is enabled and the device stays connected to the O3C service.

• Always: The device constantly attempts to connect to an O3C service over the internet. Once you register the device, it stays connected to the O3C service. Use this option if the control button on the device is out of reach.

• No: Disables the O3C service.

Proxy settings: If needed, enter the proxy settings to connect to the proxy server.

Host: Enter the proxy server’s address.

Port: Enter the port number used for access.

Login and Password: If needed, enter username and password for the proxy server.

Authentication method:

• Basic: This method is the most compatible authentication scheme for HTTP. It’s less secure than the Digest method because it sends the username and password unencrypted to the server.

• Digest: This method is more secure because it always transfers the password encrypted across the network.

• Auto: This option lets the device select the authentication method depending on the supported methods. It prioritizes the Digest method over the Basic method.

Owner authentication key (OAK): Click Get key to fetch the owner authentication key. This is only possible if the device is connected to the internet without a firewall or proxy.

Power over Ethernet

• Allocated power: Number of watts (W) that are currently allocated.

• Total PoE consumption: Number of watts (W) that are consumed.

• Keep PoE active during recorder restart: Turn on to supply power to connected devices during a restart of the recorder.

Click to show or hide the ports image.

• Click a port in the image to see the port details in the port list.

Port list

• Port: The port number.

• PoE: Turn on or off PoE for the port.

• Network: Turn on or off network for the port.

• Status: Shows if there is device connected to this port.

• Friendly name: The friendly name is set in Network settings. The default name is a combination of the model and the media access control address (MAC address) of the connected device.

• Power consumption: Number of watts (W) that are currently consumed and allocated by the connected device.

Certificates are used to authenticate devices on a network. The device supports two types of certificates:

• Client/server certificates

  A client/server certificate validates the device’s identity, and can be self-signed or issued by a Certificate Authority (CA). A self-signed certificate offers limited protection and can be used before a CA-issued certificate has been obtained.

• CA certificates

  You can use a CA certificate to authenticate a peer certificate, for example to validate the identity of an authentication server when the device connects to a network protected by IEEE 802.1X. The device has several pre-installed CA certificates.

These formats are supported:

• Certificate formats: .PEM, .CER, and .PFX

• Private key formats: PKCS#1 and PKCS#12

Add certificate : Click to add a certificate.

• More: Show more fields to fill in or select.

• Secure keystore: Select to use Secure element or Trusted Platform Module 2.0 to securely store the private key. For more information on which secure keystore to select, go to help.axis.com/en-us/axis-os#cryptographic-support.

• Key type: Select the default or a different encryption algorithm from the drop-down list to protect the certificate.

The context menu contains:

• Certificate information: View an installed certificate’s properties.

• Delete certificate: Delete the certificate.

• Create certificate signing request: Create a certificate signing request to send to a registration authority to apply for a digital identity certificate.

Secure keystore:

• Secure element (CC EAL6+): Select to use secure element for secure keystore.

• Trusted Platform Module 2.0 (CC EAL4+, FIPS 140-2 Level 2): Select to use TPM 2.0 for secure keystore.

IEEE 802.1x is an IEEE standard for port-based network admission control providing secure authentication of wired and wireless network devices. IEEE 802.1x is based on EAP (Extensible Authentication Protocol).

To access a network protected by IEEE 802.1x, network devices must authenticate themselves. The authentication is performed by an authentication server, typically a RADIUS server (for example, FreeRADIUS and Microsoft Internet Authentication Server).

Certificates

When configured without a CA certificate, server certificate validation is disabled and the device tries to authenticate itself regardless of what network it is connected to.

When using a certificate, in Axis' implementation, the device and the authentication server authenticate themselves with digital certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security).

To allow the device to access a network protected through certificates, you must install a signed client certificate on the device.

Authentication method: Select an EAP type used for authentication. The default option is EAP-TLS. EAP-PEAP/MSCHAPv2 is a more secure option.

Client certificate: Select a client certificate to use IEEE 802.1x. The authentication server uses the certificate to validate the client’s identity.

CA certificate: Select CA certificates to validate the authentication server’s identity. When no certificate is selected, the device tries to authenticate itself regardless of what network it is connected to.

EAP identity: Enter the user identity associated with the client certificate.

EAPOL version: Select the EAPOL version that is used in the network switch.

Use IEEE 802.1x: Select to use the IEEE 802.1x protocol.

IEEE 802.1AE MACsec

IEEE 802.1AE MACsec is an IEEE standard for media access control (MAC) security that defines connectionless data confidentiality and integrity for media access independent protocols.

The settings are only available if you use EAP-TLS as the authentication method:

Mode

• Dynamic CAK / EAP-TLS: The default option. After a secured connection, the device checks for MACsec on the network.

• Static CAK / pre-shared key (PSK): Select to set the key name and value to connect to the network.

The settings are only available if you use EAP-PEAP/MSCHAPv2 as the authentication method:

• Password: Enter the password for your user identity.

• Peap version: Select the Peap version that is used in the network switch.

• Label: Select 1 to use client EAP encryption; select 2 to use client PEAP encryption. Select the Label that the network switch uses when using Peap version 1.

To install test firmware or other custom firmware from Axis on the device, you need a custom signed firmware certificate. The certificate verifies that the firmware is approved by both the device owner and Axis. The firmware can only run on a specific device which is identified by its unique serial number and chip ID. Only Axis can create custom signed firmware certificates, since Axis holds the key to sign them.

Install: Click to install the certificate. You need to install the certificate before you install the firmware.

The context menu contains:

• Delete certificate: Delete the certificate.

Add account: Click to add a new account. You can add up to 100 accounts.

Account: Enter a unique account name.

New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols.

Repeat password: Enter the same password again.

Privileges:

• Administrator: Has full access to all settings. Administrators can also add, update, and remove other accounts.

• Operator: Has access to all settings except:

• • All System settings.

  • Adding apps.

• Viewer: Has access to:

• • Watch and take snapshots of a video stream.

  • Watch and export recordings.

  • Pan, tilt, and zoom; with PTZ user access.

The context menu contains:

Update account: Edit the account properties.

Delete account: Delete the account. You can’t delete the root account.

Add SSH account: Click to add a new SSH account.

• Restrict root access: Turn on to restrict functionality that requires root access.

• Enable SSH: Turn on to use SSH service.

Account: Enter a unique account name.

New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols.

Repeat password: Enter the same password again.

Comment: Enter a comment (optional).

The context menu contains:

Update SSH account: Edit the account properties.

Delete SSH account: Delete the account. You can’t delete the root account.

• RAID

• Free: The amount of free disk space.

• Status: If the disk is mounted or not.

• File system: The file system that is used by the disk.

• Encrypted: If the disk is encrypted or not.

• Temperature: The current temperature of the hardware.

• Overall heath test: The result after checking the health of the disk.

• RAID level: The RAID level used for the storage. Supported RAID levels are 0, 1, 5, 6, 10.

• RAID status: The RAID status of the storage. Possible values are Online, Degraded, Syncing, and Failed.

• Tools
• Note

  When you run the following tools, make sure to wait until the operation is done before closing the page.

• Check: Check the storage device for errors and tries to repair it automatically.

• Repair: Repair the storage device. Active recordings will pause during the repair. Repairing a storage device may result in lost data.

• Format: Erase all recordings and format the storage device. Choose a file system.

• Encrypt: Encrypt data that is stored. All files on the storage device will be erased.

• Decrypt: Decrypt data that is stored. All files on the storage device will be erased.

• Change password: Change the password for the disk encryption. Changing the password doesn't disrupt ongoing recordings.

• Change RAID level: Change the RAID level for the storage.

• Use tool: Click to run the selected tool.

Hard drive status: Click to view the hard drive status, capacity, and serial number.

Write protect: Turn on write protection to protect the storage device from being overwritten.

Reports

• View the device server report: View information about the product status in a pop-up window. The Access Log is automatically included in the Server Report.

• Download the device server report: It creates a .zip file that contains a complete server report text file in UTF–8 format, as well as a snapshot of the current live view image. Always include the server report .zip file when you contact support.

• Download the crash report: Download an archive with detailed information about the server's status. The crash report contains information that is in the server report as well as detailed debug information. This report might contain sensitive information such as network traces. It can take several minutes to generate the report.

Logs

• View the system log: Click to show information about system events such as device startup, warnings, and critical messages.

• View the access log: Click to show all failed attempts to access the device, for example, when a wrong login password is used.

A network trace file can help you troubleshoot problems by recording activity on the network.

Trace time: Select the duration of the trace in seconds or minutes, and click Download.

Server: Click to add a new server.

Host: Enter the hostname or IP address of the server.

Format: Select which syslog message format to use.

• Axis

• RFC 3164

• RFC 5424

Protocol: Select the protocol to use:

• UDP (Default port is 514)

• TCP (Default port is 601)

• TLS (Default port is 6514)

Port: Edit the port number to use a different port.

Severity: Select which messages to send when triggered.

CA certificate set: See the current settings or add a certificate.

Restart: Restart the device. This does not affect any of the current settings. Running applications restart automatically.

Restore: Return most settings to the factory default values. Afterwards you must reconfigure the device and apps, reinstall any apps that didn’t come preinstalled, and recreate any events and presets.

Factory default: Return all settings to the factory default values. Afterwards you must reset the IP address to make the device accessible.

Firmware upgrade: Upgrade to a new firmware version. New firmware releases can contain improved functionality, bug fixes, and completely new features. We recommend you to always use the latest release. To download the latest release, go to axis.com/support.

• When you upgrade, you can choose between three options:

• Standard upgrade: Upgrade to the new firmware version.

• Factory default: Upgrade and return all settings to the factory default values. When you choose this option, you can’t revert to the previous firmware version after the upgrade.

• Autorollback: Upgrade and confirm the upgrade within the set time. If you don’t confirm, the device reverts to the previous firmware version.

Firmware rollback: Revert to the previously installed firmware version.

My recordings are not available.

Go to Fix common issues.

I cannot connect to my cameras.

Go to Fix common issues.

I receive error notification: “No contact”.

Go to Fix common issues.

My sites do not appear in my mobile app.

Make sure you have version 4 of the AXIS Companion mobile app.